Healthcare industry sitting on ticking time bomb of web application attacks

Dive Brief: * Web application cyberattacks in the healthcare industry increased 51% in December, as COVID-19 vaccine distribution began, according to a report by Imperva Research Labs released Tuesday. * Healthcare organizations, on average, were hit by nearly 500 web application attacks every month...

Full description

Saved in:
Bibliographic Details
Published inHR Dive
Main Author Schwartz, Samantha
Format Trade Publication Article
LanguageEnglish
Published Washington Industry Dive 13.01.2021
Subjects
Access control
Coronaviruses
COVID-19
COVID-19 vaccines
Cybercrime
Data integrity
Health care industry
Malware
Pandemics
Ransomware
Vaccines
Online AccessGet full text

Cover

More Information
Summary:Dive Brief: * Web application cyberattacks in the healthcare industry increased 51% in December, as COVID-19 vaccine distribution began, according to a report by Imperva Research Labs released Tuesday. * Healthcare organizations, on average, were hit by nearly 500 web application attacks every month in 2020, a 10% year-over-year increase, according to Imperva. * In December, cross-site scripting (XSS) attacks spiked 43%, accounting for the majority of overall web application attacks. The spike in web application attacks directly correlates with how "many of the COVID-19 mitigation efforts are powered by new web applications and services," said Terry Ray, SVP and fellow at Imperva, though the company can't exactly pinpoint why the rise in attacks coincide with vaccine distribution. Data breaches rooted in web application flaws are often traced back to issues with: * Cross-site scripting * Broken access control * Resetting passwords due to failing to invalidate a session * Server security misconfiguration * Bypassing authentication due to broken authentication or session management Each flaw provides attackers with a variety of execution strategies.