Application Security

More Than Half of Healthcare Applications are Open to Attack

Data indicates industry on the rebound despite exposure; leads all sectors by 14 percent in remediating critical vulnerabilities

The Application Security Division of NTT Ltd., a world leader in application security, today released AppSec Stats Flash Volume 10, the latest installment of the company’s monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape. NTT Application Security’s monthly analysis includes data from more than 400 million lines of code in applications spanning all industry sectors to provide comprehensive insight into the digital risks facing organizations today.

In AppSec Stats Flash Volume 10, NTT Application Security researchers take a closer look at the improving cybersecurity posture of applications in the healthcare industry, more than half of which currently contain a critical vulnerability.  

Key findings of the analysis include:

  • 52 percent of the applications in the healthcare industry have at least one serious vulnerability — rating ‘high’ or ‘critical’ on the Common Vulnerability Scoring System scale — open throughout the year
  • 18 percent of critical vulnerabilities found in applications are fixed within one month of discovery, while 39 percent were remediated within the examined timeframe
  • Healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months; a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis

“Healthcare is one of the most regulated industries in the U.S., and data breaches can quickly lead to lawsuits, revenue loss, and brand damage,” said Zach Jones, senior director of detection research. “To rise to the challenge posed by the critical need for accelerated digital transformation, healthcare organizations have had to reconfigure traditional procedures and protocols that have been in place for decades. We are glad to see an industry that is responsible for our most critical personal data is improving their application best practices.”

The most serious vulnerability healthcare organizations encountered in recent months was abuse of functionality, which refers to an attack technique that uses a website’s own features against it after gaining access to an organization’s network through password-recovery flows. However, a far more common vulnerability in healthcare organizations’ applications is information leakage — a weakness where an attacker uses sensitive data to exploit their target, its hosting network or users.

According to NTT’s 2021 Global Threat Intelligence Report, 67 percent of global attacks in 2020 can be attributed to application-specific or web-application attacks. This is a dramatic increase from 2018, in which application vulnerabilities accounted for 32 percent of the share. Jones adds, “the healthcare industry should focus on improving the remediation rate for critical vulnerabilities found in web applications in order to reduce its overall breach exposure. The longer these threats go unresolved, the more likely they are going to be exploited by nefarious actors.”

Those interested in learning more about the findings and analysis in AppSec Stats Flash Volume 10 can now download the report and stream the latest podcast episode on NTT’s Application Security website and popular platforms including Apple Podcasts, Spotify, Stitcher, Amazon, and more.

For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to

Related posts

Cyberhaven Appoints Chris Hodson as Chief Security Officer

PR Newswire

Purple Book Community & ArmorCode release State of AppSec Operations

PR Newswire

HiddenLayer wins 2023 SC Award for Most Promising Early-Stage Start Up

PR Newswire