Application security remains 'troubling' in healthcare

A lot of software in use, particularly related to the healthcare industry, has not been through a formal security improvement process, according to a new analysis by application security vendor Veracode.

In its report, Veracode compared applications’ compliance with the Open Web Application Security Project (OWASP) and SANS Top 25 standards, which are built around slightly different sets of threats.

On compliance pass rates for first-time scans, only government (25 percent) fared worse than the healthcare industry (33 percent). The report notes, however, that every industry sector except financial services improved slightly from last year.

Overall, internally developed applications showed a slight uptick in improvement over time, while commercial software lost a bit of ground.

However, the analysis calls the healthcare vulnerability fix rate “troubling.” The top performer, manufacturing, outperforms healthcare, 2 to 1, on fixing vulnerabilities once they’ve been identified.

The top vulnerability cited across industries was data leakage, a problem found in 65.5 percent of healthcare apps. However, the report authors called attention to cryptographic (encryption) and credentials management issues in healthcare, as well.

They also noted a prevalence of vulnerabilities in applications written in JavaScript, a programming language that has been rapidly adopted in healthcare, retail, and financial services for server-side and mobile applications.
