Healthcare patients demand easy access to medical records and scheduling, and the natural response is to offer more web applications.
Doctors and staff inside healthcare organizations also demand web applications for fast access to medical records, test results, and other critical data.
But web applications come at a risk. If not carefully designed and maintained, they can become targets for cyber attacks.
New research reveals trends in web application attacks in healthcare compared to attacks in other industries. Published by Positive Technologies, the report’s data was collected from web application firewalls during Q2 2017.
Here are the top five types of healthcare web application attacks shown in the report.
SQL injection (SQLi) attacks occur when someone “injects” SQL statements into data-entry fields, such as a text box in an online form. The goal is to trick the system into revealing or manipulating its data.
SQL is the language used to query and modify data in relational databases, and most web applications use it to read and write their data.
SQLi attacks accounted for nearly half (46.0%) of all healthcare web application attacks reviewed by Positive Technologies in Q2 2017.
However, across all industries, SQLi accounted for a far smaller percentage of web app attacks (24.9%), suggesting they are almost twice as common in the healthcare industry.
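As an added illustration of the injection described above (not code from the report or from Positive Technologies), the following Python snippet runs the same lookup against a constructed in-memory SQLite patient table twice: once with the input concatenated into the SQL text, once with it passed as a bound parameter. The table contents, the function names and the `mrn` field are all invented for the demonstration.

```python
import sqlite3


def build_demo_db():
    """Constructed demo data: a tiny in-memory patient table, not real records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, mrn TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO patients (mrn, name) VALUES (?, ?)",
        [("MRN-1001", "Alice"), ("MRN-1002", "Bob")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, mrn):
    """Builds the query by string concatenation, so the submitted text becomes
    part of the SQL grammar instead of staying a plain value."""
    sql = "SELECT name FROM patients WHERE mrn = '" + mrn + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, mrn):
    """Passes the submitted text as a bound parameter; the driver keeps it a
    literal no matter what characters it contains."""
    sql = "SELECT name FROM patients WHERE mrn = ?"
    return [row[0] for row in conn.execute(sql, (mrn,))]


if __name__ == "__main__":
    db = build_demo_db()
    probe = "' OR '1'='1"  # the textbook always-true condition
    print("vulnerable:", lookup_vulnerable(db, probe))  # every patient name comes back
    print("safe:      ", lookup_safe(db, probe))        # no patient has that MRN
```

The point to take from the two functions is that the fix is not filtering quotes out of the input but keeping data and code on separate channels: the parameterized version never lets user input alter the statement that the database parses.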
Distributed denial-of-service (DDoS) attacks accounted for slightly more than 1 in 5 web application attacks in healthcare (22.8%).
This is eight times greater than the cross-industry average (2.8%). Perhaps this is due to healthcare organizations' growing reliance on web portals?
DDoS attacks attempt to overwhelm resources – such as servers hosting web applications or websites – to slow or crash them, “denying” service to legitimate users.
While it’s tempting to write off the attacks as an inconvenience, they can harm companies via:
DDoS attacks are also being used as smokescreens for network attacks, distracting from the attackers’ primary goal, which may be far more damaging.
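One application-layer control against request floods of the kind described above is per-client rate limiting. The sliding-window limiter below is an added example written for this page, not code from the report; the class name, the limits and the client identifier are constructed. It only addresses floods that reach the application; a volumetric attack that saturates the network link has to be absorbed upstream, at the provider or a scrubbing service.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds.
    The current time is passed in explicitly so behaviour is deterministic."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        # client identifier -> timestamps of that client's recent requests
        self.hits = defaultdict(deque)

    def allow(self, client, now):
        q = self.hits[client]
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject (or queue) this request
        q.append(now)
        return True


def simulate(limiter, client, timestamps):
    """Return the allow/deny decision for each request time in order."""
    return [limiter.allow(client, t) for t in timestamps]


if __name__ == "__main__":
    # Constructed scenario: 3 requests per second allowed, a burst of 4, then a 5th later.
    limiter = SlidingWindowLimiter(limit=3, window=1.0)
    print(simulate(limiter, "10.0.0.5", [0.0, 0.1, 0.2, 0.3, 1.05]))
```

Because the limiter keys on a client identifier, the identifier has to be something the attacker cannot freely choose; keying on a header such as `X-Forwarded-For` without a trusted proxy in front makes the limit trivial to sidestep, so use the real peer address or an authenticated session.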
Cross-site scripting (XSS) attacks account for roughly 1 in 6 attacks (16%) against web applications in healthcare.
Averaged across all industries, XSS is the most common type of web application attack, accounting for nearly 40% of the total.
XSS begins when an attacker injects a malicious script into a vulnerable web application and the script is displayed to other users. The script can be used to redirect users to other websites, steal login credentials, and more.
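The injection and its mitigation can be shown in a few lines of rendering code. The following is an added example for this page, not code from the report: it renders a constructed comment once by raw interpolation and once with contextual output encoding, and separately shows why encoding alone is not enough for a link target. Function names and the sample comment are invented.

```python
import html
from urllib.parse import urlparse


def render_comment_vulnerable(author, text):
    """Interpolates untrusted input straight into the page body."""
    return f"<p><b>{author}</b>: {text}</p>"


def render_comment_safe(author, text):
    """Encodes for an HTML text context. quote=True also encodes quotes, so
    the same helper is safe inside a double-quoted attribute value."""
    return f"<p><b>{html.escape(author, quote=True)}</b>: {html.escape(text, quote=True)}</p>"


def safe_href(url):
    """Encoding does not make a URL safe in href: a javascript: scheme passes
    through html.escape untouched. Allow only http(s) links, otherwise neuter."""
    if urlparse(url).scheme.lower() in ("http", "https"):
        return html.escape(url, quote=True)
    return "#"


def contains_script_tag(rendered):
    """Used here only to make the difference between the two renderers visible."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    # Constructed input: the standard canary payload used to verify an XSS sink.
    payload = "<script>alert(1)</script>"
    print(render_comment_vulnerable("eve", payload))   # script tag reaches the browser
    print(render_comment_safe("eve", payload))         # rendered as visible text
    print(safe_href("javascript:alert(1)"))            # "#"
```

Output encoding must match the context the data lands in (HTML body, attribute, URL, JavaScript string); a single escaping function applied everywhere is the usual source of residual XSS, which is why `safe_href` checks the scheme instead of relying on `html.escape`.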
About 1 in 20 healthcare attacks observed were cases of path traversal, also known as directory traversal.
This is roughly equal to the prevalence of this attack more broadly across industries (6.6% overall).
Path traversal is when an attacker crafts an HTTP request to navigate to unauthorized parent directories and display the contents of sensitive files.
You can see a simple example of path traversal on Wikipedia.
Though only a small percentage of attacks on healthcare web applications use local file inclusion (LFI), they were far more common in healthcare than across industries in general.
LFI attacks are similar to directory traversals. The attacker crafts an HTTP request to access unauthorized files. However, instead of displaying the file’s contents, its code is executed on the system.
You can see a simple example of LFI from the Open Web Application Security Project (OWASP).
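Both the path traversal section and the LFI section above come down to the same defensive question: does a user-supplied name end up as a filesystem path the application trusts? The example below is added for this page and is not code from the report, Wikipedia or OWASP. It builds a constructed document root in a temporary directory, resolves a requested path and rejects anything that escapes the root (the traversal case), and for includes replaces user-controlled paths with an allowlist lookup (the LFI case). `safe_path`, `INCLUDE_MAP` and the file names are all invented.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def make_demo_root():
    """Constructed layout: a document root holding one public file, plus a file
    one level above it that must never be reachable through the web app."""
    base = Path(tempfile.mkdtemp())
    root = base / "public"
    (root / "records").mkdir(parents=True)
    (root / "records" / "summary.txt").write_text("public summary")
    (base / "secret.txt").write_text("must not leak")
    return root


def safe_path(root, requested):
    """Resolve `requested` (taken from a URL) under `root`; return the real path
    only if it is an existing file that still lies inside the root, else None."""
    root = Path(root).resolve()
    # Decode percent-encoding first so "..%2F" and "../" are judged the same way.
    decoded = unquote(requested)
    # Strip a leading slash so an absolute path cannot replace the root.
    candidate = (root / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root)  # raises if the resolved path left the root
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def read_public_file(root, requested):
    """Serve a file for a traversal-prone endpoint such as /download?file=..."""
    p = safe_path(root, requested)
    return p.read_text() if p else None


# LFI mitigation: never build an include path from user input. Map an
# allowlisted page name to a fixed file and include only that.
INCLUDE_MAP = {"summary": "records/summary.txt"}


def include_page(root, page_name):
    rel = INCLUDE_MAP.get(page_name)
    return read_public_file(root, rel) if rel else None


if __name__ == "__main__":
    root = make_demo_root()
    print(read_public_file(root, "records/summary.txt"))  # public summary
    print(read_public_file(root, "../secret.txt"))        # None
    print(read_public_file(root, "..%2Fsecret.txt"))      # None
    print(include_page(root, "summary"))                  # public summary
    print(include_page(root, "../secret"))                # None
```

The check is done on the resolved path rather than by searching the input for `..`, so symlinks and encoded variants are handled by the filesystem's own resolution instead of a pattern list; the allowlist for includes removes the problem entirely because the attacker's string is never treated as a path.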
The remainder of web application attacks in healthcare are bundled into an "other" category, which makes up 5% of the total.
A few worth mentioning: