
Healthcare Web Application Attacks Increased by 51% Since the Introduction of COVID-19 Vaccines

Web application attacks targeting the healthcare industry increased by 51% since COVID-19 vaccines were introduced, according to cybersecurity firm Imperva. The increase in cyber-attacks was noted when the vaccines were disseminated between Nov and Dec 2020.

In contrast, the research notes that while the volume of attacks increased, the number of breaches decreased. The researchers posited that as healthcare organizations spent more time supporting remote work, other areas such as threat research, incident response, and incident analysis were negatively affected. The researchers warned of more cyber attacks targeting the healthcare industry in 2021.

Four categories of web application attacks increased after the release of COVID-19 vaccines

Imperva researchers noted that four types of web application attacks skyrocketed after the introduction of COVID-19 vaccines.

Protocol manipulation attacks increased by 76% while remote code execution (RCE) increased by 68% from Nov to Dec 2020 when COVID-19 vaccines were released. SQL injection (SQLi) increased by 44%, while cross-site scripting (XSS) experienced a 43% jump.

Healthcare organizations experienced 187 million attacks monthly, with cross-site scripting and SQL injection attacks being the most detected by volume.

Each healthcare organization experienced roughly 498 attacks monthly, marking a 10% year-on-year increase. The most targeted countries in the world were the US, Brazil, the UK, and Canada.

The new research notes that although ransomware attacks receive the most publicity, web application attacks were the most frequent.

Notable attacks include the Pfizer COVID-19 vaccine data theft that took place in December 2020. The data was illegally accessed from the European Medicines Agency (EMA) servers.

The leak was discovered by EMA and law enforcement after the stolen data surfaced on underground hacking forums on Dec 31, 2020. The attack was among similar incidents collectively described as a “global phishing campaign” targeting organizations developing COVID-19 vaccines.

On March 14, 2020, Hammersmith Medicines Research was hit by a Maze ransomware attack that received massive publicity. The incident took place four days before the threat actor promised to stop targeting healthcare systems. However, they continued demanding ransom from the research facility, even leaking data online to coerce payment.

Increased adoption of Healthcare IT expands the attack landscape

The report noted that the adoption of information technology in the healthcare industry increased rapidly during the pandemic.

“By some estimates, what would normally take 10 years to accomplish will now be done in three years,” the report stated.

The growth was associated with reliance on third-party applications instead of developing in-house solutions. While adopting third-party applications had some benefits for the organizations, that reliance opened a new threat landscape that predisposed them to various web application attacks.

For example, patching critical vulnerabilities on third-party applications could only be done according to the vendor’s timeline.

Similarly, the vulnerabilities affecting popular third-party apps are widely known. Threat actors also frequently carry out zero-day research on the most widely used third-party healthcare applications to discover new vulnerabilities.

Most web applications also heavily rely on JavaScript. The reliance on JavaScript complicates the threat landscape, making it challenging for organizations to detect and patch vulnerabilities. This situation increases the possibility of successful web application attacks.

Imperva suggested that more breaches would be reported in 2021, including those initially overlooked. Coincidentally, a 43% increase in data breaches was recorded within the first three days of 2021.

“Healthcare was hard hit in 2020, and 2021 looks like it will bring more of the same,” says Saryu Nayyar, CEO at Gurucul. “The COVID-19 pandemic changed how we work, with a massive shift to remote work for those who can do it, and that brought new cybersecurity challenges as organizations brought their security up to deal with the new threat surfaces.”

“This was especially challenging for Healthcare, which had the added challenge of an unprecedented number of patients stressing their resources to the limit and leaving few cycles to deal with cyber threats.”

Healthcare organizations must keep up with evolving threats

Imperva advises healthcare organizations to take various mitigation measures to defend themselves against different forms of web application attacks as the threat landscape evolves and expands.

Organizations should invest in application and data security solutions offering multilayered protections to secure data in transit. This is necessary as data resides on multiple platforms and is served through various APIs.

Healthcare organizations should also move away from point solutions and involve partners with an integrated platform that protects “against the leading attacks and optimizes web performance, helping the organization to operate more efficiently and securely,” the report stated.

Imperva also reminds healthcare organizations to strive towards regulatory compliance, adding that “most privacy and data security regulations today require healthcare providers and payers to demonstrate access controls and monitoring for all access to sensitive patient healthcare information.”

Commenting on the rise in web application attacks since the introduction of COVID-19 vaccines, Chloé Messdaghi, Chief Strategist at Point3 Security, says that healthcare has always been targeted by cybercriminals because health data is very valuable.

She suspects that the threat actors worked on behalf of their countries or clients to steal COVID-19 vaccine test and treatment data.

“When attackers get access to healthcare data, they often harvest IP information – how a vaccine, other medications or treatment plan were created, the efficacy of the measure, who it may have been tested on,” Messdaghi notes. “In this current pandemic, it’s likely that the threat actors are working on behalf of other nations or competitors trying to develop vaccines themselves.”

She adds that the urgency surrounding COVID-19 vaccines would force the affected organizations to pay the ransom to avoid disruptions. On a positive note, Messdaghi says that the rise in healthcare cyber-attacks would help the sector improve its cybersecurity defenses.