- Censys, a leading provider of attack surface management, announced a new report revealing the healthcare industry is at risk of data breach
Censys is a leading provider of attack surface management and security insights, which counts customers like the U.S. Department of Homeland Security and over 25% of the Fortune 500. And recently at the RSA Conference 2020 USA in San Francisco, the company announced research findings of cloud risks and cloud maturity by industry, which found the healthcare industry to have significantly more exposed risks than any other industry surveyed.
By utilizing the Censys SaaS Platform, company researchers measured the occurrence of exposed databases and exposed remote login services — which are two key indicators of modern security risk — for the ten largest companies by revenue in seven major industries (Automotive, Energy, Hotels, Insurance, Manufacturing, Healthcare, and Financial). It was determined that the healthcare industry showed significantly more exposed databases and more exposed remote login services.
The healthcare industry — which is composed of pharmacies, healthcare providers, insurance providers, and pharmaceutical manufacturers — saw an average of 13 exposed databases per company. And the energy industry proved the least at-risk with only one exposed database per company.
Plus healthcare also had the most exposed Remote Desktop Protocol (RDP) servers per company with an average of eight. This average is caused by one outlier with ten times the number of exposed RDP servers than the next highest company.
Even though cloud databases and remote working solutions provide a great deal of convenience and enable modern web applications, both provide attackers a common entry point and drive data breach attacks. And Internet exposed databases put customer data at risk and RDPs pose risks of credential stuffing, reuse of stolen credentials, and specific software exploits.
“Along with enormous agility for the modern enterprise, the rise of cloud infrastructure in high-tech industries has created an incredible security challenge that only continues to grow,” said Jose Nazario, Ph.D., Principal R&D Engineer at Censys. “While all industries have guilty parties, healthcare’s attack surface is simply much bigger than they realize.”
In order to protect against breaches, companies have to first gain visibility using a continuous attack surface monitoring platform. And this enables businesses to be alerted to risks when they occur. Plus companies can then remediate the issue by reconfiguring an application to listen on a private network, employing VPN software, or simply ensuring a firewall ruleset is properly configured.
The Censys Platform enables security and IT personnel to automatically discover and monitor all external assets and infrastructure, including hosts, software, domains, shared services, and Internet of Things devices in order to mitigate exposures and threats, and to proactively prevent attacks before they lead to data breach or damage to the brand.
Here is a copy of the report:
