Funtap - stock.adobe.com

COVID-19 Vaccine Distribution Spurs 51% Rise in Health Web App Attacks

Imperva data finds cyberattacks targeting healthcare web applications increased by 51 percent since the rollout of COVID-19 vaccine distribution in December.

Cyberattacks on web applications tied to the healthcare sector increased by 51 percent, since the start of COVID-19 vaccine distribution in December, according to a new report from Imperva Research Labs.

Imperva’s cloud network gathers data to compile its Cyber Threat Index, which researchers use to monitor and analyze threat activity.

In December alone, hackers leveraged a range of techniques to target vulnerable healthcare entities. The largest targeted facilities were found in the US, Brazil, the UK, and Canada.

Specifically, the data found an increase in the volume of four key attack areas, led by a 43 percent spike in cross-site scripting (XSS) attacks in December. The second-largest volume of attacks were SQL injections, which increased by 44 percent.

Notably, protocol manipulation attacks rose at the greatest rate, 76 percent, although the overall volume of attacks were fewer than the leading tactics. Remote code execution (RCE) or range file inclusion (RFI) attacks increased by 68 percent in December, but still had a smaller overall attack volume, according to the report.

The report also found a 43 percent increase in data leakage across the sector in just the first three days of 2021 alone. Imperva explained this includes unauthorized data transmission within an organization to an external recipient or system -- often the result of a breach.

Throughout 2020, the global healthcare sector experienced a record 187 million attacks per month, or about 498 attacks per organization, each month. Imperva notes that’s a 10 percent increase in attacks, year-over-year.

“It underscores the growing vulnerability of web applications for healthcare organizations — many of which are still struggling to manage the demands of the on-going global pandemic,” researchers explained.

The report findings mirror earlier Check Point research, which also saw a 45 percent increase in overall cyberattacks against healthcare entities since November. The data found an average of 626 attacks per organization in November, compared to 430 weekly attacks on providers the month before.

Meanwhile, just over 500 healthcare entities reported experiencing a data breach impacting more than 500 patients during the first 10 months of 2020, according to Fortified Health Security. A data point Imperva noted is well-below the reported breach numbers of 2019.

“As someone who has worked in cybersecurity for more than 20 years, this makes no sense,”  Terry Ray, Imperva senior vice president, fellow, and report author explained. “My hypothesis is that many organizations likely don’t know the extent or impact of these attacks yet.” 

“The reason being: for most of the year, healthcare was focused on trying to enable remote work while managing the frontline logistics of a global pandemic. Thus, less time was spent on threat research, incident response and incident analysis,” he added.

To Ray, the rapid acceleration of digital transformation across the sector in response to the global pandemic has equally and simultaneously increased the threat landscape, including the use of third-party applications.

The risks posed by these applications include patching software on the vendor’s timeline, publicly known exploits, and zero-day research on widely used third-party tools and apps. The use of JavaScript APIs and third-party applications have also increased the complexity of attacks, while expanding the threat of automated and opportunistic activities.

In fact, attacks on these applications are the “only the vulnerable application front end to all healthcare data that experiences the variety and volume of daily attacks noted above.”

In response, healthcare entities should concentrate their efforts on modernizing systems and services, including investing in application and data security with better multi-layered protection. Administrators should also consider moving away from point solutions to address each unique risk.

Instead, entities should focus on partnering with one security provider or integrated platform able to both optimize web performance and gain protection against leading threats.

Healthcare providers should also review previous insights for building cyber resilient networks and infrastructure in light of the digital transformation occurring in response to COVID-19. These tools include network access management, greater visibility, and automation.

Next Steps

Dig Deeper on Cybersecurity strategies