In the age of COVID-19, healthcare security has never been more vital. But despite the known risks, a new report finds that applications in the industry continue to remain at high risk of being attacked because of poor security.

The data comes from the Application Security Division of NTT Ltd., which found that 52% of the applications in the healthcare industry have at least one serious vulnerability, rating “high” or “critical” on the Common Vulnerability Scoring System scale, open throughout the year.

Some 18% of critical vulnerabilities found in applications are fixed within one month of discovery, while 39% were remediated within the examined timeframe. While the figures are not positive, the report noted that the healthcare sector has performed 14% better than the industry average on remediating critical risks in the past three months, a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis.

Compared with retail, healthcare applications were not found to be as vulnerable either, but healthcare also has a higher responsibility to consumers given the data involved. Added to the mix is that the healthcare industry is one of the most regulated industries in the U.S. and data breaches can quickly lead to lawsuits, revenue loss and brand damage.

The most severe vulnerability healthcare organizations encountered in recent months was an “abuse of functionality,” referring to an attack technique that uses a website’s features against it after gaining access to an organization’s network through password-recovery flows. However, the far more common vulnerability in healthcare organizations’ applications is information leakage, a weakness where an attacker uses sensitive data to exploit their target, its hosting network, or users.

Overall,two-thirds of global attacks in 2020 were attributed to application-specific or web-application attacks, a dramatic increase from 2018, when application vulnerabilities accounted for nearly a third of the share.

“To rise to the challenge posed by the critical need for accelerated digital transformation, healthcare organizations have had to reconfigure traditional procedures and protocols that have been in place for decades,” Zach Jones, senior director of detection research at NTT, said in a statement. “The healthcare industry should focus on improving the remediation rate for critical vulnerabilities found in web applications in order to reduce its overall breach exposure. The longer these threats go unresolved, the more likely they are going to be exploited by nefarious actors.”

Photo: Pxfuel