Over half of healthcare apps have a serious vulnerability

A new study from the Application Security Division of NTT Ltd reveals that 52 percent of applications in the healthcare industry have at least one serious vulnerability -- rating 'high' or 'critical' on the CVSS scale -- open throughout the year.

However, healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months. This represents a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis.

The study also shows that 18 percent of critical vulnerabilities found in applications were fixed within one month of discovery, while 39 percent were remediated within the examined timeframe.


"Healthcare is one of the most regulated industries in the US, and data breaches can quickly lead to lawsuits, revenue loss, and brand damage," says Zach Jones, senior director of detection research at NTT. "To rise to the challenge posed by the critical need for accelerated digital transformation, healthcare organizations have had to reconfigure traditional procedures and protocols that have been in place for decades. We are glad to see an industry that is responsible for our most critical personal data is improving their application best practices."

The most serious vulnerability healthcare organizations have encountered in recent months is abuse of functionality, which refers to an attack technique that uses a website's own features against it after gaining access to an organization's network. A more common vulnerability is information leakage, where an attacker uses sensitive data to exploit their target, its hosting network or users.

According to NTT, 67 percent of global attacks in 2020 can be attributed to application-specific or web-application attacks, up from 32 percent in 2018. Jones adds, "The healthcare industry should focus on improving the remediation rate for critical vulnerabilities found in web applications in order to reduce its overall breach exposure. The longer these threats go unresolved, the more likely they are going to be exploited by nefarious actors."

The full report is available on the NTT site.

© 1998-2021 BetaNews, Inc. All Rights Reserved.