A new report by cyber assessment company Outpost24 has found that 90% of the web applications used by the US healthcare operators are vulnerable to cyber-attacks.

The company recently published the results of its 2021 Web Application Security for Healthcare report, which assessed the top ten healthcare providers in the US.

According to the report, majority of the healthcare providers had an external attack surface score of 30 out of 58.4. The figure is classified by the company as ‘critically exposed’ indicating high susceptibility.

Outpost24 used its external attack surface management tool to determine the scores and evaluate the security exposure of healthcare providers’ web services.

The report found that US entities had a larger attack surface with an average risk exposure score of 40.5 compared to their counterparts in Europe. The European Union pharmaceutical companies had a score of 32.79.

The tool is said to have been designed to make assessments considering various factors such as applications per page, usage of outdated software components as well as what vulnerable third-party software it is using.

The report further said that top ten US healthcare organisations operate 6,069 web applications on 2,197 domains, of which 3% considered as ‘suspicious’.

Additionally, the report underlined that 24% of these applications run on old components.

Outpost24 suggested that healthcare providers must take measures to minimise vulnerabilities and work to minimise overall attack surface.

Outpost24 security researcher Nicolas Renard said: “It’s paramount the healthcare organisations carry out the necessary due diligence to continuously evaluate their internet exposed security perimeter given the highly sensitive information stored.

“Any kind of data breach and downtime for healthcare organisations can be fatal, therefore they must take a proactive stance to identify and mitigate potential security issues before critical care can be impacted.”