A major uptick in bot traffic could jeopardized vaccine appointment scheduling, according to a report by Imperva Research Labs. According to the report, health system websites are being buffeted with “bad bots” with an increase of 372% since September 2020. That’s making it potentially more difficult for users to make legitimate appointments for COVID-19 vaccinations.
The article discusses how in recent weeks, vaccine websites from Massachusetts to Minnesota have crashed, with an innumerable amount of that traffic “potentially” coming from bots. The reports mentions that “helpful services” that are created to determine vaccine availability by using automation is classified as a bot. Also, that “checking for inventory” is a very common use case for bots. In recent weeks, many sites have been built to “check inventory” by third-party companies or individuals trying to make it easier for the public to find appointments.
The Bot Motivation
The Imperva report acknowledges that it’s hard to determine the precise motive of these bots, however, there are scenarios that could play out in the coming months as vaccines become even more readily available.
- Bots make it harder for humans to access appointment sites: Not every bot has malicious intent. Some helpful bots — developed with good intent — will be deployed as a way to scan appointment booking sites to keep citizens apprised of availability. However, automated traffic congests the network’s bandwidth and will make it harder for legitimate users to access the system.
- Increased bot traffic takes down appointment sites: As human users and bots flood websites at elevated levels, many domains will crash because of the increased levels of traffic.
- Bots reserve appointments while human users wait online for their turn: The most nefarious of these scenarios are bots reserving legitimate appointments in bulk while human users are left waiting and wondering when they’ll have a turn to access the scheduling tool.
The TASBIA™ Bottom Line
The report is authored by Imperva, whose mission is to “offer a best-in-class Advanced Bot Protection solution, able to mitigate the most sophisticated automated threats.” Clearly there is a commercial interest underlying these claims, and Imperva cannot say for sure that “bad bots” have actually caused website crashes or are scooping up appointments for resale.
However, the report does bring up a valid point, in that many appointment scheduling solutions are not necessarily designed for massive traffic, or to deal with “bad bot” or other types of attacks, such as denial of service. It’s incumbent on COVID-19 appointment scheduling vendors to ensure not only the security of appointment scheduling data and workflows, but the infrastructure and security requirements.
