New Censys research reveals healthcare industry at greatest risk of data breach

Feb. 26, 2020
The report examines the state of cloud maturity and the security risks of the largest companies in major industries, finding exposed databases and RDP servers

SAN FRANCISCO (Feb. 25, 2020) Censys, the leading provider of attack surface management and security insights trusted by government departments like the U.S. Department of Homeland Security and over 25% of the Fortune 500, today at RSA Conference 2020 USA in San Francisco, announced research findings of cloud risks and cloud maturity by industry, finding the healthcare industry to have significantly more exposed risks than any other industry surveyed.

Leveraging the Censys SaaS Platform, company researchers measured the occurrence of exposed databases and exposed remote login services -- two key indicators of modern security risks -- for the ten largest companies by revenue in seven major industries (Automotive, Energy, Hotels, Insurance, Manufacturing, Healthcare and Financials). The healthcare industry showed significantly more exposed databases and more exposed remote login services.

Exposed Databases by Industry

Composed of pharmacies, healthcare providers, insurance providers and pharmaceutical manufacturers, the healthcare industry had an average of 13 exposed databases per company. The energy industry proved the least at-risk with only one exposed database per company.

Exposed Remote Desktop Protocol

Healthcare also had the most exposed RDP servers per company, with an average of eight. However, this average is caused by one outlier with ten times as many exposed RDP servers as the next-highest company.

While cloud databases and remote working solutions provide a great deal of convenience and enable modern web applications, both provide attackers with a common entry point and drive data breach attacks. Internet-exposed databases put customer data at risk, and exposed RDP servers pose risks of credential stuffing, reuse of stolen credentials, and specific software exploits.

“Along with enormous agility for the modern enterprise, the rise of cloud infrastructure in high-tech industries has created an incredible security challenge that only continues to grow,” said Jose Nazario, Ph.D., Principal R&D Engineer at Censys. “While all industries have guilty parties, healthcare’s attack surface is simply much bigger than they realize.”

In order to protect against breaches, companies must first gain visibility using a continuous attack surface monitoring platform. This enables businesses to be alerted to risks when they occur. Companies can then remediate the issue by reconfiguring an application to listen on a private network, employing VPN software, or simply ensuring a firewall ruleset is properly configured.

The Censys Platform enables security and IT personnel to automatically discover and monitor all external assets and infrastructure, including hosts, software, domains, shared services, and IoT devices, in order to mitigate exposures and threats, and to proactively prevent attacks before they lead to a data breach or brand damage.

Since 2013, Censys has scanned the entire Internet for security-relevant data to provide a comprehensive view of the world’s networks and devices. Research firm CB Insights selected Censys as one of 28 companies pioneering technology with the potential to transform the cybersecurity industry for its ability to fight threats by analyzing real-time internet data.

About Censys

Censys, Inc.™ is the gold standard in data-driven security used by researchers, corporations, and governments to find and analyze every device connected to the Internet. Founded in 2013 by the creators of ZMap, Censys gives organizations the visibility they need to fight threats by continuously analyzing real-time Internet data. Customers like FireEye, Google, NATO, the Swiss Armed Forces, and the U.S. Department of Homeland Security have relied on Censys data to proactively prevent cybersecurity threats. Censys was recognized by CB Insights as a 2019 Cyber Defender for pioneering technology with the potential to transform the cybersecurity industry. To learn more, visit censys.io and follow Censys on Twitter.