Bad Bots Attack Healthcare | Total Security Software

Bad bot traffic to healthcare websites has nearly quadrupled. This systematically sabotages vaccination campaigns.

Few countries like Israel have so far been successful in their vaccination campaigns. The incompetence prevailing in many places is now reinforced by malice. Since September last year, the cybersecurity experts from Imperva have observed a 372 percent increase in global bot traffic on healthcare websites. The biggest increase in the last 12 months was bot traffic in February 2021 with 48.8 percent.

It is no coincidence that bad bot traffic in the healthcare sector is increasing at a time when the country vaccination campaigns are gaining momentum. Right now, more and more people are looking online for information about where and when they can get a possible vaccination.

Imperva Research Labs also observed a 51 percent increase in web application attacks on healthcare targets. Imperva data shows that the healthcare industry experienced an average of 187 million attacks per month worldwide, equivalent to approximately 498 attacks per organization per month.

Many healthcare organizations rely on third-party applications rather than writing their own because it is more convenient to reduce IT development risks and costs, and to enable better collaboration. While third-party applications sometimes offer business benefits, there are also risks: patches only on the vendor's schedule, known exploits that are well known, and ongoing zero-day research into widely used third-party tools and APIs.

The reliance on JavaScript APIs and third-party applications creates a threat landscape with more complex, automated, and opportunistic cybersecurity risks that are increasingly difficult for any organization to identify and stop.

At the same time, new digital infrastructures must be created within a short period of time - and that by institutions that had little experience with them in the past. Errors are inevitable and it is precisely these weak points that can be exploited. While bots usually try to get hold of special models of shoes or the best concert tickets, the motifs here are more diverse.

There are several possible application scenarios for bad bots once the vaccines are available in larger quantities:

Bots could be used to scan appointment booking pages and keep citizens informed of the availability of appointments. However, the automated traffic quickly overloads the network's bandwidth and makes the system difficult for legitimate users to access.

As human users and bots use websites more and more, many domains could crash due to the increased traffic. Smaller institutions and local government websites do not have the resources to ensure 24/7 availability. Server failures are the result.

The worst of all possible scenarios looks like this: Bots reserve lots of appointments and illegally sell the available seats at a substantial premium. This scenario is not absurd if the appointment pages are not properly secured. Even large retailers and ticketing companies have enormous problems with this, for example when you look at the prices for the Sony Playstation 5 or for exclusive concert tickets on the black market. Keep your device and data safe from bad bots attack by installing security protection like total security software.