Email fraud attacks in healthcare up 473%

Healthcare organizations were targeted in 96 email fraud attacks on average in Q4 2018—an increase of 473 percent, compared to the Q1 of 2017, according to a new report issued by cybersecurity company Proofpoint.

The findings come at a time when more reports are ringing alarm bells about cybersecurity. The ECRI Institute’s 2019 Health Technology Hazards report noted one of the top technology hazards for 2019 is cybersecurity—and governmental entities are taking note. HHS recently unveiled voluntary cybersecurity practices for the healthcare industry, and the FDA is working to strengthen the cybersecurity of medical devices from threats of computer-hacking threats.

Since 2013, email fraud, aimed at stealing money and valuable information, has cost organizations around the world $12.5 billion, Proofpoint found. 

“For healthcare, email fraud is especially harmful. It hurts the most vulnerable segment of the population and the people dedicated to helping them,” the report stated. 

Proofpoint analyzed more than 160 billion emails sent across 150 countries in 2017 and 2018 to identify email fraud attack trends that targeted more than 450 healthcare organizations. Their findings included:

  • Wire transfer is healthcare’s most common form of email fraud.
  • On average, 65 staff members were attacked in Q4 2018 among healthcare organizations.
  • Email fraud within healthcare typically happened between 7 a.m. and 1 p.m. in the target’s time zone.
  • Approximately, 95 percent of healthcare organizations were targeted using their own trusted domain.
  • Approximately 45 percent of all emails sent from healthcare-owned domains in Q4 2018 appeared suspicious—65 percent of the emails sent were to employees, 42 percent to patients and 15 percent to business partners.

“Despite organizations’ large investments in security, email fraud continues to rise,” the report read. “Cyber criminals are growing more advanced. And attacks are evading traditional security tools, leaving people as the last line of defense.”

To thwart such activity, the authors recommended “a multi-layered defense,” including blocking all impostor attacks that spoof trusted domains, analyzing the contents and context of the email to halt display-name spoofing and lookalike domains and automatically identifying and flagging potentially risky domains.