Interestingly, the attacks on internal HRMS, customer service portals, ticketing systems, and developer tools made up 80 percent of these attacks. (File)
Indusface, a TCGF II (Tata Capital) funded, on Friday announced that its recently released report revealed there were upwards of 1 million cyber attacks of various types across Indusface’s global healthcare clientele. Of these, 278,000 attacks were reported in India, the report revealed.
The report has highlighted the Vulnerabilities of the Indian Healthcare Segment highlighting cybersecurity challenges in the healthcare industry.
As per the findings, as per the second-highest number globally after the US. Cross-site scripting (XSS)(117,818 instances) was the top attack category followed by HTTP Policy Violation (70,068) and Apache Log4J Remote Code Execution (11,917) were the other two attack categories.
Interestingly, the attacks on internal HRMS, customer service portals, ticketing systems, and developer tools made up 80 percent of these attacks. This is despite having public-facing e-commerce, diagnostic reports downloads, and other websites.
“This shows that hackers have become more sophisticated, they are now able to guess that every company uses certain software and the subdomains will follow a pattern. Hackers are then targeting these websites as they have valuable PII data that could be leaked to the dark web or used as a target for ransom,” the company stated.
Meanwhile, the pandemic pushed the global healthcare industry into a crisis mode, leading to an unprecedented scale of digital healthcare process implementations through websites and applications, it stated.
According to the company, the rapid growth of this sector in India has made healthcare companies using legacy technology and outdated or limited cyber security measures highly vulnerable.
“Lack of risk awareness, use of legacy technologies by healthcare companies, and massive traffic loads make the Indian healthcare segment highly vulnerable to cyber-attacks. Attacks were primarily done using brute force. Now hackers are deploying surgical methods such as bots to first find vulnerabilities and then spread Ransomware. This problem will only get exacerbated when there’s the full-fledged deployment of public APIs. While this integration is already in place for payment gateways, going forward, healthcare providers will open up more possibilities through integrations with diagnostic service providers, telehealth providers, and so on. This necessitates urgent deployment of advanced VAPT and WAF solutions that prevent cyber-attacks against web applications and APIs,” Ashish Tandon Founder & CEO of, Indusface said in a statement.
Amid the surge in attacks, there is a need for all digital healthcare platforms to integrate similar security tools and services and this will ensure that their operational initiatives are free of threats and function optimally, it stated.