Healthcare organisations fix application flaws faster

New Veracode SOSS analysis reveals healthcare organisations beat average fix times on software security risks, bettering retailers and manufacturers

Healthcare organisations are the fastest when it comes to addressing common vulnerabilities found in software, according to a report.

Healthcare organisations took only six days to address a quarter of their vulnerabilities in code and just seven months (216 days) to remediate the majority (75%) of vulnerabilities, as revealed by the State of Software Security (SoSS) report.

Healthcare organisations are almost eight months faster than the average organisation, which takes 15 months (472 days) to fix 75% of its vulnerabilities.

Reactive to proactive

A significant 64% of current applications used by healthcare organisations are at risk of information leakage attacks, wherein an application reveals sensitive data that can be used by an attacker to exploit a web application or its users. Cryptographic issues (62%) and code quality (60%) round out the top three vulnerabilities facing healthcare organisations and provide areas of focus for improvement within the NHS and other health service agencies.

The sensitive data held by healthcare organizations are a significant target for evolving threats. A focus on code quality can help healthcare organizations shift from a reactive security stance to a proactive one.

The NHS recently announced that it is undertaking an IT overhaul to use cloud-based, modern systems and improve security. With this in mind, developers and security professionals in healthcare need to focus on building on this “first place for fixes” position and pursue DevSecOps models of frequent, incremental software scanning. This will ensure they are able to remediate application flaws even more quickly and efficiently.

Remediating at a rapid rate

Healthcare organisations are perceived to be behind the times with technology and to have larger installations of legacy software. However, Veracode’s analysis shows healthcare companies are not hindered in staying on top of application security. The sector ranks first for OWASP pass rate on the latest scan, and based on the flaw persistence analysis chart, the industry is statistically closing the window on application risk faster than any other sector. The State of Software Security report also studied vulnerability remediation in retail, technology, public sector, infrastructure, finance and manufacturing.

Paul Farrington, EMEA Chief Technology Officer at Veracode said: “Healthcare organisations are remediating at the most rapid rate at every interval compared to their peers. It takes just a little over seven months for healthcare organizations to reach the final quartile of open vulnerabilities, about eight months sooner than it takes the average organisation to reach the same landmark.

“It shows remarkable resilience for an industry which was heavily targeted and badly damaged during the WannaCry ransomware attack two years ago. However, millions of cyber-attacks are aimed at the healthcare sector each day, seeking any weak spot. Using code that is secure from the start can help healthcare reduce security risk further.”
