cognitive cybersecurity intelligence

News and Analysis


How provider organizations can protect against credential stuffing and data scraping

Cybercriminals are increasingly targeting patient portals of healthcare provider organizations in order to gain access to sensitive patient information. Despite this, a recent report from LexisNexis Risk Solutions found that 58% of healthcare organizations believe that their patient portal cybersecurity is superior to other portals. However, simply using username and password authentication or multifactor authentication may not be enough to prevent attacks. Criminal hackers use bots to automate tasks such as credential stuffing and data scraping to break into patient accounts. This is a widespread problem, with 96% of login pages overall being hit with bad bots in 2016. Healthcare organizations should anticipate bad bots running stolen credentials against their patient portals after every new breach. Good identity and access management practices, including multi-factor authentication, rate-limits, and a solution to prevent automated testing of credentials can be effective in protecting patient portals. Healthcare organizations also need to clean their traffic to remove abusive bad bots in order to reduce web scraping.

Source: –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts