Press Releases

New Analysis: More Than Half of Healthcare Applications Currently Open to Attack

SAN JOSE, Calif., Oct. 26, 2021  — The Application Security Division of NTT Ltd., a world leader in application security, today released AppSec Stats Flash Volume 10, the latest installment of the company’s monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape. NTT Application Security’s monthly analysis includes data from more than 400 million lines of code in applications spanning all industry sectors to provide comprehensive insight into the digital risks facing organizations today.

In AppSec Stats Flash Volume 10, NTT Application Security researchers take a closer look at the improving cybersecurity posture of applications in the healthcare industry, more than half of which currently contain a critical vulnerability.

Key findings of the analysis include:

  • 52 percent of the applications in the healthcare industry have at least one serious vulnerability — rating ‘high’ or ‘critical’ on the Common Vulnerability Scoring System scale — open throughout the year
  • 18 percent of critical vulnerabilities found in applications are fixed within one month of discovery, while 39 percent were remediated within the examined timeframe
  • Healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months; a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis

“Healthcare is one of the most regulated industries in the U.S., and data breaches can quickly lead to lawsuits, revenue loss, and brand damage,” said Zach Jones, senior director of detection research. “To rise to the challenge posed by the critical need for accelerated digital transformation, healthcare organizations have had to reconfigure traditional procedures and protocols that have been in place for decades. We are glad to see an industry that is responsible for our most critical personal data is improving their application best practices.”

The most serious vulnerability healthcare organizations encountered in recent months was abuse of functionality, which refers to an attack technique that uses a website’s own features against it after gaining access to an organization’s network through password-recovery flows. However, far more common vulnerability in healthcare organizations’ applications is information leakage — a weakness where an attacker uses sensitive data to exploit their target, its hosting network or users.

According to NTT’s 2021 Global Threat Intelligence Report, 67 percent of global attacks in 2020 can be attributed to application-specific or web-application attacks. This is a dramatic increase from 2018, in which application vulnerabilities accounted for 32 percent of the share. Jones adds, “the healthcare industry should focus on improving the remediation rate for critical vulnerabilities found in web applications in order to reduce its overall breach exposure. The longer these threats go unresolved, the more likely they are going to be exploited by nefarious actors.”

Those interested in learning more about the findings and analysis in AppSec Stats Flash Volume 10 can now download the report and stream the latest podcast episode on NTT’s Application Security website and popular platforms including Apple PodcastsSpotifyStitcherAmazon, and more.

For more information about NTT’s Application Security Division, please visit

About NTT
NTT Ltd. is a leading global technology services company. Working with organizations around the world, we achieve business outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital and secure. Our global assets and integrated ICT stack capabilities provide unique offerings in cloud-enabling networking, hybrid cloud, data centers, digital transformation, client experience, workplace and cybersecurity. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries and delivering services in over 200 countries and regions. Together we enable the connected future. Visit us at