Email fraud attacks in healthcare up 473%
Subrata Thakar | February 13, 2019 | Health Exec | Digital Transformation

Healthcare organizations were targeted in 96 email fraud attacks on average in Q4 2018—an increase of 473 percent, compared to the Q1 of 2017, according to a new report issued by cybersecurity company Proofpoint.

The findings come at a time when more reports are ringing alarm bells about cybersecurity. The ECRI Institute’s 2019 Health Technology Hazards report noted one of the top technology hazards for 2019 is cybersecurity—and governmental entities are taking note. HHS recently unveiled voluntary cybersecurity practices for the healthcare industry, and the FDA is working to strengthen the cybersecurity of medical devices from threats of computer-hacking threats.

Since 2013, email fraud, aimed at stealing money and valuable information, has cost organizations around the world $12.5 billion, Proofpoint found. 

“For healthcare, email fraud is especially harmful. It hurts the most vulnerable segment of the population and the people dedicated to helping them,” the report stated. 

Proofpoint analyzed more than 160 billion emails sent across 150 countries in 2017 and 2018 to identify email fraud attack trends that targeted more than 450 healthcare organizations. Their findings included:

  • Wire transfer is healthcare’s most common form of email fraud.
  • On average, 65 staff members were attacked in Q4 2018 among healthcare organizations.
  • Email fraud within healthcare typically happened between 7 a.m. and 1 p.m. in the target’s time zone.
  • Approximately, 95 percent of healthcare organizations were targeted using their own trusted domain.
  • Approximately 45 percent of all emails sent from healthcare-owned domains in Q4 2018 appeared suspicious—65 percent of the emails sent were to employees, 42 percent to patients and 15 percent to business partners.

“Despite organizations’ large investments in security, email fraud continues to rise,” the report read. “Cyber criminals are growing more advanced. And attacks are evading traditional security tools, leaving people as the last line of defense.”

To thwart such activity, the authors recommended “a multi-layered defense,” including blocking all impostor attacks that spoof trusted domains, analyzing the contents and context of the email to halt display-name spoofing and lookalike domains and automatically identifying and flagging potentially risky domains.

""
Subrata Thakar

As a senior news writer for TriMed, Subrata covers cardiology, clinical innovation and healthcare business. She has a master’s degree in communication management and 12 years of experience in journalism and public relations.

Related Content

Against malpractice for using clinical AI, the best defense is a good offense
Overheard around the Kaiser nurses’ protest over AI in healthcare
10 things you may have suspected about AI but didn’t know for sure till now
Physicians are embracing clinical GenAI—in theory, at least
Submitted for consideration by all healthcare AI stakeholders: 10 principles, 6 commitments, 1 direction
The well for AI training data is running dry. Big Tech heavyweights are taking extraordinary measures to deal with the drought.

Design by Adaptive Theme
Trimed Popup
Trimed Popup