Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

More than half of healthcare applications currently open to attack

healthcare-sec-freepik39077.jpg
October 26, 2021

The Application Security Division of NTT Ltd. released AppSec Stats Flash Volume 10, the latest installment of the company’s monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape. NTT Application Security’s monthly analysis includes data from more than 400 million lines of code in applications spanning all industry sectors to provide comprehensive insight into the digital risks facing organizations today. 


In AppSec Stats Flash Volume 10, NTT Application Security researchers take a closer look at the improving cybersecurity posture of applications in the healthcare industry, more than half of which currently contain a critical vulnerability. 


Key findings of the analysis include:

  • 52% of the applications in the healthcare industry have at least one serious vulnerability — rating ‘high’ or ‘critical’ on the Common Vulnerability Scoring System scale — open throughout the year
  • 18% of critical vulnerabilities found in applications are fixed within one month of discovery, while 39% were remediated within the examined timeframe.
  • Healthcare has performed 14% better than the industry average on remediating critical risks in the past three months, a positive trend for healthcare, historically performing below average based on a rolling 12-month analysis.


“Healthcare is one of the most regulated industries in the U.S., and data breaches can quickly lead to lawsuits, revenue loss, and brand damage,” said Zach Jones, senior director of detection research. “To rise to the challenge posed by the critical need for accelerated digital transformation, healthcare organizations have had to reconfigure traditional procedures and protocols that have been in place for decades. We are glad to see an industry that is responsible for our most critical personal data is improving their application best practices.”


The most serious vulnerability healthcare organizations encountered in recent months was an abuse of functionality, which refers to an attack technique that uses a website’s own features against it after gaining access to an organization’s network through password-recovery flows. However, a far more common vulnerability in healthcare organizations’ applications is information leakage — a weakness where an attacker uses sensitive data to exploit their target, its hosting network or users. 


According to NTT’s 2021 Global Threat Intelligence Report, 67% of global attacks in 2020 can be attributed to application-specific or web-application attacks. This is a dramatic increase from 2018, in which application vulnerabilities accounted for 32% of the share. Jones adds, “the healthcare industry should focus on improving the remediation rate for critical vulnerabilities found in web applications in order to reduce its overall breach exposure. The longer these threats go unresolved, the more likely they are going to be exploited by nefarious actors.” 


For more information about NTT’s Application Security Division, please visit whitehatsec.com.

KEYWORDS: application security cyber security health care risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • multicolored circular graohic

    93% of survey respondents currently have data on more than one cloud

    See More
  • cyber7-900px.jpg

    More Than Half of Organizations with Cybersecurity Incident Response Plans Fail to Test Them

    See More
  • A new report from DTEX Systems shows this year’s shift to a largely remote workforce by the Global 5000 has significantly changed behaviors of trusted insiders.

    More than half of companies discover employees intentionally masking online activities according to report

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing