COVID-19 has put the healthcare industry under exponential strain. As ransomware attacks on the sector surge, this study examines the unique vulnerabilities of healthcare applications, highlights how the pandemic has exacerbated cyber risk, and presents practical recommendations for mitigation.
We used our external attack surface management (EASM) tool to uncover and analyze the internet-exposed applications of the top 20 pharma and healthcare organizations in the EU and US, revealing the common attack vectors and potential vulnerabilities in their external digital footprint.
Key report findings:
- 85% of the top 20 pharma and healthcare applications studied are ‘critically exposed’, scoring above 30 (out of 58.24), which indicates a high susceptibility to security and vulnerability exposure
- US healthcare organizations have a larger attack surface, with an average risk exposure score of 40.5 vs. an average score of 32.79 for EU healthcare
- US healthcare organizations run a total of 6,069 web applications over 2,197 domains, with 3% of them considered suspect (e.g. test environments) and 23.74% running on vulnerable components
- EU healthcare organizations run a whopping 20,394 web applications over 9,216 domains, with 3.3% considered suspect and 18.3% running vulnerable components
- Degree of Distribution, Page Creation Method and Active Content are the top 3 attack vectors identified across US and EU healthcare organizations
Download the 2021 Web Application Security Report for Pharma and Healthcare to uncover common security flaws and learn how to effectively secure your organization’s internet-facing applications.