Vulnerable Web Applications Prevalent in EU Pharma Companies

Vulnerable Web Applications Prevalent in EU Pharma Companies

Europe’s top 10 pharma companies all have vulnerable web applications, potentially putting sensitive medical and patient data at risk of being hacked, according to a new study by Outpost24.

The company used its external attack surface management tool to assess the security of Europe’s top pharma firms’ internet-facing web services. Worryingly, they gave 80% of these organizations a score of above 30 (out of 58.4), which indicates a high susceptibility to having security vulnerabilities presented externally for potential exploits.

However, the top 10 EU pharma firms had a significantly lower risk exposure score than their top 10 US counterparts (40.5).

Overall, the researchers noted that EU pharma companies run an exceptionally large number of web applications (20,394 web apps and 9,216 domains) compared to other industries. Nearly one in five (18%) use outdated components containing known vulnerabilities, while 3% were considered suspicious.

Additionally, over 200 EU pharmaceutical applications have unencrypted login forms, potentially putting clients' and patients’ data at risk of exposure.

The authors also observed a number of other security and compliance issues in EU pharma companies, including basic SSL, cookie settings and privacy policy defects.

Encouragingly, the report noted many of the vulnerabilities are

Read More: