Healthcare Hit by 187 Million Monthly Web App Attacks in 2020

  • Web application attacks in the healthcare sector surged in December as distribution of the first COVID-19 vaccines began, according to new data from Imperva.

    The security vendor claimed that attacks jumped 51% last month from detected volumes in November in a vertical that has been bombarded by cyber-criminals over the past year.

    Four specific attack types saw the largest increases: cross-site scripting (XSS) detections jumped 43%; SQL injection attacks surged 44%; protocol manipulation attacks soared 76%; and remote code execution/remote file inclusion detections increased 68% in December.

    XSS and SQLi attacks represented the number one and two threats detected by volume.

    Imperva SVP Terry Ray claimed it had been an “unprecedented year” of cyber activity, with global healthcare organizations (HCOs) experiencing 187 million attacks per month on average. That amounts to nearly 500 attacks per HCO each month — a 10% increase year-on-year.

    The US, Brazil, UK and Canada were the top countries targeted last year.

    Like organizations in many sectors, HCOs have been looking to digital transformation to help them survive and adapt through an extraordinary year. However, their reliance on third-party applications to save time and money may also have exposed them, according to Ray.

    “While there are sometimes business advantages to third-party applications, the risks include: patching only on the vendor’s timeline, known exploits that are widely publicized and constant zero-day research on widely used third-party tools and APIs,” he argued.

    “Reliance on JavaScript APIs and third-party applications creates a threat landscape of more complex, automated, and opportunistic cybersecurity risks that are increasingly challenging for all organizations to detect and stop. And while ransomware attacks commonly land healthcare organizations in the news, it’s only the vulnerable application front-end to all healthcare data that experiences the variety and volume of daily attacks noted above.”

    Ray also warned that many organizations may have a nasty surprise waiting for them as they start 2021, when the impact of December attacks start to become clear. HCOs’ focus in 2020 on supporting remote working and coping with the surge in COVID patients means less time may have been spent on incident response, he added.

    In just the first three days of 2021, Imperva saw a 43% increase in data leakage.