Public Web sites of health care organizations faired well in an annual study of Web site vulnerability management, yet the results still are sobering.

WhiteHat Security, a Santa Clara, Calif.-based vendor of outsourced Web site vulnerability management services for multiple industries, conducted the study, which paints a statistical picture of current Web site vulnerabilities on more than 3,000 sites under its management.

Keeping in mind that the studied Web sites are from organizations taking a proactive approach to vulnerability management, the vendor's 11th Website Security Statistics Report paints this picture of its health care clients' Web vulnerabilities during 2010:

* Health care clients had an average of 33 serious vulnerabilities--less than three per month--with an average of 133 days during the year that a site was exposed to at least one serious vulnerability. If that sounds like a lot, the overall, multi-industry average was 230 serious vulnerabilities and an average of 233 days of exposure to at least one serious vulnerability.

* Industries with the lowest average number of serious vulnerabilities during 2010, in order, were banking (30), health care (33) and manufacturing (35). Midpoint sites were social networking (71), insurance--including health payers (80) and information technology (111). The worst offenders were telecommunications (215), financial services (266) and retail (404).

The report is available at

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access