- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- The LG soundbar made my home audio sound like a theater - even though it's not the newest model
Vulnerable Web Applications Prevalent in EU Pharma Companies
Europe’s top 10 pharma companies all have vulnerable web applications, potentially putting sensitive medical and patient data at risk of being hacked, according to a new study by Outpost24.
The company used its external attack surface management tool to assess the security of Europe’s top pharma firms’ internet-facing web services. Worryingly, they gave 80% of these organizations a score of above 30 (out of 58.4), which indicates a high susceptibility to having security vulnerabilities presented externally for potential exploits.
However, the top 10 EU pharma firms had a significantly lower risk exposure score than their top 10 US counterparts (40.5).
Overall, the researchers noted that EU pharma companies run an exceptionally large number of web applications (20,394 web apps and 9,216 domains) compared to other industries. Nearly one in five (18%) use outdated components containing known vulnerabilities, while 3% were considered suspicious.
Additionally, over 200 EU pharmaceutical applications have unencrypted login forms, potentially putting clients’ and patients’ data at risk of exposure.
The authors also observed a number of other security and compliance issues in EU pharma companies, including basic SSL, cookie settings and privacy policy defects.
Encouragingly, the report noted many of the vulnerabilities are easily fixable.
Stephane Konarkowski, security consultant at Outpost24, commented: “This research highlights the complexity of modern-day pharmaceutical and healthcare applications and the vast volume exposed on the Internet.
“These results demonstrate how crucial it is for the industry to review their external footprint and vulnerability exposure to improve security hygiene in the face of the ransomware pandemic.”
Nicolas Renard, security researcher at Outpost24, added: “As the attack surface and trade secrets that pharmaceutical organizations process become more pertinent, it will give threat actors more reasons and motivations to step up malicious attacks for profit and put public health at risk.”
Attacks on pharma and other healthcare organizations have ramped up in the past year, with data on COVID-19 vaccine development viewed as highly valuable to threat actors. This includes accusations nations like Russia, China and North Korea have attempted to sabotage or steal information on R&D efforts in this area.
