Report: Healthcare Websites Attacked by Hackers More than Any Other Sector

Security breaches and data theft continue to be relevant topics for all those involved in healthcare. Unfortunately, the threat of data breaches is not going to disappear. Providers, practices, and health systems must take the issue seriously, and there's a new area of tech space to focus attention on — your web applications

According to the Q3 Web Application Attack Report from Positive Technologies, web applications in the healthcare sector are the most highly attacked of all sectors, with an average of 1,526 incidents per day. Surprisingly, that number surpassed that of banks (1,014), IT (660), and government (196) sectors.

The report calls attention to a significant change in the type of healthcare application being attacked. Analysts note that the majority of attacks this quarter were on web applications that are informational, or " other words, they do not handle private data or patient medical records."

Analysts found that it took an average of three days to begin exploiting a vulnerability after hacking a web application. However, exceptions exist. For example, in the Optionsbleed vulnerability revealed earlier this year, it took only three hours before attempts to exploit data could begin.

Additionally, the report details an increase in types of attacks that allow intruders the chance to obtain control over a server or web application. Local File Inclusion, which is when a hacker tricks a web application into including local files, rose to 10 percent; while the number of high-severity attacks, such as Remote Code Execution and OS commanding, doubled.

The report shows that web applications were attacked between 500 and 700 times daily, a number that rarely dipped below 200. The maximum number of attacks per day reached a high of 4,321.

The report indicates that hackers leverage opportunities that offer greater benefits, such as attacking on evenings and weekends when ordinary web users are the most active. Making it more important than ever for physicians and staff to stay informed on data security, a seemingly dated topic.

Scott Rupp's picture

Scott Rupp


Scott E. Rupp is a writer and an award-winning journalist focused on healthcare technology. He has worked as a public relations executive for a major electronic health record/practice management vendor, and he currently manages his own agency, millerrupp. In addition to writing for a variety of publications, Scott also offers his insights on healthcare technology and its leaders on his site, Electronic Health Reporter.

comments powered by Disqus

Related Articles