December was a devastating month for healthcare organizations in terms of cybersecurity. As vaccines started rolling out across the world, the number of web application attacks against healthcare organizations spiked by 51 percent.
This is according to fresh figures from cybersecurity researchers at Imperva, which claims healthcare organizations experienced 187 million attacks in total (roughly 500 per organization). Year-on-year, the number of cybersecurity incidents spiked 10 percent and the most popular targets were in the US, Canada, the UK and Brazil, which are also some of the countries worst affected by the Covid-19 pandemic.
According to Imperva, the four major attack vectors were cross-site scripting (XSS), SQL injections (SQLi), protocol manipulation attacks and Remote Code Execution/Remote File Inclusion (RCE/RFI).
The researchers also pointed to a discrepancy: while attack volume grew substantially, the number of breaches decreased. They claim these figures make little sense and that it’s more likely that many organizations were too busy setting up remote working to bother analyzing threats, incidents, or incident response.
They concluded that the full scope of these attacks will only be visible in a few months’ time.
Cybercriminals all over the world have had a field day with the Covid-19 pandemic. In some cases, they targeted hospitals treating Covid-19 patients with ransomware, knowing that ransom demands are more likely to be met when lives are at stake.
They also preyed on employees faced with remote working for the first time and took advantage of fears surrounding the virus to spread malware and misinformation.