Indian healthcare organisations face over 2.78 lakh cyber attacks each month, second to the US, according to a study by Indusface, a security SaaS company. Globally, healthcare companies faced around 10 lakh cyber attacks in a month time span, it said. 

The ‘Vulnerabilities of Indian Healthcare Segment’ report showed that cross-site scripting- 1,17,818 instances, was the top attack category followed by HTTP Policy Violation — 70,068 and Apache Log4J Remote Code Execution — 11,917 were the other two attack categories.

Attacks on internal HRMS, customer service portals, ticketing systems, and developer tools made up 80 per cent of these attacks. This is despite having public-facing e-commerce, diagnostic reports downloads, and other websites, the report said. 

Lack of awareness

Ashish Tandon Founder & CEO of Indusface said, “Lack of risk awareness, use of legacy technologies by healthcare companies, and massive traffic loads make the Indian healthcare segment highly vulnerable to cyber attacks. Attacks were primarily done using brute force. Now hackers are deploying surgical methods such as bots to first find vulnerabilities and then spread ransomware.”

Hackers have become more sophisticated, they are now able to guess that every company uses certain software and the subdomains will follow a pattern. Hackers are then target these websites as they have valuable PII data that could be leaked to the dark web or used as a target for ransom, said the report

Crisis mode

It further noted that the pandemic pushed the global healthcare industry into a crisis mode, leading to an unprecedented scale of digital healthcare process implementations through websites and applications. 

The US was already at the forefront of digital healthcare services and naturally a major target. However, the rapid growth of this sector in India has made healthcare companies using legacy technology and outdated or limited cyber security measures highly vulnerable, the report added. 

comment COMMENT NOW