There has been a significant increase in healthcare industry web application attacks according to new data published by cybersecurity firm Imperva. Imperva Research Labs monitored a 51% increase in web application attacks between November 2020 and December 2020, which coincided with the start of the rollout of COVID-19 vaccines.
Imperva SVP Terry Ray said 2020 had been an unprecedented year of cyber activity, with healthcare web application attack volume up 10% year-over-year. On average there were 187 million web application attacks on healthcare targets each month in 2020, with each organization monitored by Imperva experiencing an average of 498 attack a month. The top targets were located in the United States, United Kingdom, Brazil, and Canada.
In December, Imperva Research Labs detected significant increases in four types of attacks. The largest increase was seen in protocol manipulation attacks, which increased 76% from the previous month and were the third most common attack type. There was a 68% increase in remote code execution / remote file inclusion attacks, although they only accounted for a relatively small volume of attacks.
Cross-site scripting (XSS) attacks were the most common attack type, with attack volume increasing 43% from the previous month. SQL injection attacks were the second most common attack type, with these attacks increasing by 44% since November.
While the number of web application attacks increased, reports of actual data breaches decreased globally. “My hypothesis is that many organizations likely don’t know the extent or impact of these attacks yet. The reason being: for most of the year, healthcare was focused on trying to enable remote work while managing the frontline logistics of a global pandemic. Thus, less time was spent on threat research, incident response and incident analysis,” said Ray.
Healthcare organizations will likely only discover the impact those attacks have had in the first few weeks of 2021. Worryingly, Imperva detected a 43% increase in healthcare data leakage in the first three days of 2021. This is the unauthorized transmission of data from within an organization to an external recipient, which is often the result of a security breach.
2020 has certainly been a challenging year, and that has seen IT transformation significantly accelerated. Ray explained that in healthcare the speed of transformation has been impressive, with IT projects that would normally take 10 years being shortened to just three, with some digital initiatives having a timeline of weeks or months.
While the acceleration is impressive, it has resulted in risks being introduced. “Many healthcare organizations rely on third-party applications anytime they can, instead of writing their own, for the convenience it offers, to reduce IT development risks and costs and to facilitate greater collaboration,” said Ray. “While there are sometimes business advantages to third-party applications, the risks include: patching only on the vendor’s timeline, known exploits that are widely publicized and constant zero-day research on widely used third-party tools and APIs.”
The increased reliance on JavaScript APIs and third-party applications has had the effect of creating a threat landscape of complex, automated, and opportunistic cybersecurity risks, which are difficult for organizations to detect and block.
The increase in attacks is certainly bad news, but there are steps that healthcare organizations can take to reduce risk. Systems should be modernized, and investment in application and data security should be increased. Rather than using point solutions to address each unique risk, an integrated platform should be used that can optimize web performance while protecting against all the main web application threats.
The post Healthcare Industry Web Application Attacks Increased by 51% in December appeared first on HIPAA Journal.