EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

New research into the security posture of Europe's top pharmaceutical giants has revealed concerning levels of vulnerabilities and weak spots in web applications. 

On Thursday, Outpost24 published new research that claims the top 10 pharmaceutical countries in the region are all failing to maintain a robust security posture -- with 80% considered to be "critically exposed" to the risk of cyberattacks. 

According to the report, Outpost24's "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. 

In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same amount of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated.

Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. 

Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. 

The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption. 

"As the attack surface and trade secrets that pharmaceutical organizations process become more pertinent, it will give threat actors more reasons and motivations to step up malicious attacks for profit and put public health at risk," commented Nicolas Renard, Outpost24 security researcher.

Previous and related coverage

• Managing AI and data science: Practical lessons from big pharma
  
• Pharma companies are counting on cloud computing and AI to make drug development faster and cheaper
  
• AI makes inroads in life sciences in small but significant ways: Lantern Pharma's quest
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0