Report Finds Health Sector’s Use Of Outdated Systems Poses Significant Security Risks

A penetration risk report released by Global cybersecurity firm Coalfire has found that while the health sector is gradually reducing its dependence on legacy systems, unpatched and out-of-date software continues to pose security risks. The report was composed of results of more than 3,100 penetration tests from approximately 1,600 client engagements in the technology, retail financial services, and healthcare industries. Penetration testing is a tool used by healthcare organizations to identify potential vulnerabilities in their cybersecurity before hackers can. In addition coalfire employed cybersecurity firm NowSecure to examine mobile applications’ cybersecurity. 

The report found a number of key findings. Firstly, the results determined that web application penetration testing pays off over time. According to the report, organizations with testing systems in place for at least three years showed a 25% decrease in high-severity results. The results also demonstrated how security misconfiguration is the most common vulnerability. The most common application vulnerabilities have remained consistent for years, indicating that many organizations have a lack of knowledge about their own asset list, use outdated systems that have several vulnerabilities, and have poor online conduct. In addition, the report discovered improvement in social engineering test results. Less than 50 percent of the organizations put through social engineering tests were compromised, showing improvement in increasing employee knowledge and reducing the likelihood of human compromise. However, while social engineering results demonstrated improvement, a lack of training, particularly around social engineering, accounts for 41% of all FedRAMP vulnerabilities. Finally, the report found that large CSPs are continuing to improve their cybersecurity, however, they still carry a majority of high-risk vulnerabilities. The biggest CSPs decreased high-level risk exposure by more than one-third during the previous two years. Smaller cloud providers, on the other hand, observed a 15% rise in vulnerabilities, mostly as a result of ongoing setup issues and issues with outdated software.

According to Coalfire’s long-term statistics, the amount of cyber risk changes dramatically from year to year depending on the size of the organization, the industry, and a variety of factors. The predominant focus on external risk stems from an increase in widely reported catastrophic breaches, which allows internal dangers to remain. This introduces weak spots that raise the possibility of internal attacks from the expanding number of adversaries. 

“With high-risk vulnerabilities nearly cut in half since Coalfire’s first annual report, the large enterprise is getting smarter about external threats, but falling behind on internal vulnerabilities,” said Coalfire CEO Tom McAndrew. “Smaller businesses are doing a better job balancing internal and external risks; however, mid-size companies struggle in the face of complex hybrid environments, heavy compliance demands, and extensive supply chains expanding their attack surfaces.”