Cyber attacks in healthcare up 51 per cent, study finds

By Leila Hawkins
Web application attacks rose after the coronavirus vaccination began its rollout...

Web application attacks on healthcare organisations spiked by 51 per cent following global roll outs of the COVID-19 vaccine in December, new research has found. Facilities operating in the UK, US, Brazil and Canada were the top targets. 

Research by IT security company Imperva Research Labs shows that the healthcare industry is experiencing a 10 per cent increase each year in cyber attacks each year, highlighting the growing risk for the healthcare sector, particularly during the ongoing pandemic.

Web application attacks may not be as commonly known as ransomware attacks, but they are just as malicious. Types of web application attacks include: 

Cross-site scripting (XSS). This can lead to patient accounts being compromised, and pages modified for patients to give out personal information. These attacks grew by 43 per cent in December. 

SQL injections (SQLi). These put patient data at risk, and in the most serious cases can give the attacker admin rights over a database. SQLi attacks increased by 44 per cent in December. 

Protocol manipulation, or ‘HTTP request smuggling’. This lets hackers interfere with how a website processes sequences of HTTP requests, allowing an attacker to bypass security controls, gain unauthorised access to sensitive data, and directly compromise other application users. Protocol manipulation attacks are rising fastest - by 76 per cent in December. 

Remote Code Execution/Remote File Inclusion (RCE/RFI). These target vulnerabilities in web applications so the attacker can upload malware. If successful, this can result in information theft, compromised servers and a takeover of the site. 

"Reliance on JavaScript APIs and third-party applications creates a threat landscape of more complex, automated, and opportunistic cybersecurity risks that are increasingly challenging for all organisations to detect and stop" Terry Ray, SVP at Imperva explains. 

"While ransomware attacks commonly land healthcare organisations in the news, it’s only the vulnerable application front end to all healthcare data that experiences the variety and volume of daily attacks noted above.

Ray adds that while the volume of attacks increased in 2020, the number of breaches decreased. "As someone who has worked in cybersecurity for more than 20 years, this makes no sense. My hypothesis is that many organisations likely don’t know the extent or impact of these attacks yet. The reason being: for most of the year, healthcare was focused on trying to enable remote work while managing the frontline logistics of a global pandemic. Less time was spent on threat research, incident response and incident analysis."

He predicts more breaches in 2021. "In the first three days of 2021, Imperva researchers saw a dramatic 43 per cent increase in data leakage, the unauthorised transmission of data from within an organization to an external destination or recipient, which is often the result of a breach. 

To defend themselves against these threats, healthcare providers must protect their data and look at other solutions. "With teams under-resourced, managing a growing stack of point solutions to address each unique risk is unrealistic. Instead, find a partner that can offer an integrated platform that provides protection against the leading attacks and optimizes web performance, helping the organization to operate more efficiently and securely" Ray says. 

"Don’t forget regulatory compliance. Most privacy and data security regulations today require healthcare providers and payers to demonstrate access controls and monitoring for all access to sensitive patient healthcare information." 


Featured Articles

McKinsey: Consumers Demand Data-driven Wellness Products

New McKinsey Future of Wellness survey shows that consumers demand data-driven wellness solutions to improve health, sleep, nutrition, fitness & longevity

SpaceX Starlink Launch Boost for Indonesia Healthcare

As SpaceX CEO Elon Musk helps launch new satellite in Indonesia, we look at how the Starlink programme is improving healthcare provision in remote areas

J&J Targets Supplier Sustainability to Cut Healthcare GHGs

Johnson & Johnson takes collaborative approach to tackling the problem of carbon emissions in the global healthcare supply chain

Walgreens to Sell Over-the-Counter Opioid Overdose Drug

Medical Devices & Pharma

McKinsey Health Institute: Focus on Health Insights Body

Digital Healthcare

AstraZeneca & Celonis Map out Digital Transformation

Technology & AI