Email fraud attacks up by nearly 500%, report says

By Nathan Eddy
09:45 PM
Share
PHI puts healthcare organizations at more risk than others, security vendor Proofpoint found in new research.

Healthcare email fraud attack attempts increased by 473 percent over the past two years, according to a report from cybersecurity specialist Proofpoint

WHY IT MATTERS

These highly personalized email attacks try to fool workers and patients to unknowingly surrender their credentials or financial info.

The study found 95 percent of healthcare organizations were targeted by an attack using their own trusted domain, and found wire transfer fraud to be the industry’s most common form of email fraud.

“Healthcare employees are especially vulnerable to email-based attacks due to the high volume of personal health information they access, their frequent email communication with patients and other providers and time constraints in critical care settings,” Chris Dawson, threat intelligence lead for Proofpoint, told Healthcare IT News.

Unfortunately, organizations often only invest a small percentage of their budget on email security, and today’s threat actors are increasingly targeting people, rather than infrastructure, changing the nature of necessary protections.

THE BIGGER TREND

Research indicated more than 99 percent of all targeted attacks rely on the user to activate them, whether that involves clicking on a macro, typing a password into a phishing site, or sending data to an email fraudster.

“There also exists a misconception that an organization’s top executives are the most targeted by attackers due to their status and rank,” Dawson explained. “However, the traditional VIPs within an organization are often not the same individuals that cybercriminals target.”

Rather than pursuing high profile, senior level executives, cybercriminals are increasingly targeting lower level employees based on their likely access and privilege.

These so-called “very attacked people” (VAPs) are not necessarily people who are known to or actively tracked by the security team, making it easier for attackers to successfully compromise their accounts without detection.

“It’s important that healthcare organizations prioritize identifying their most attacked employees and create a security strategy that educates and protects these individuals from targeted attacks,” Dawson said.

STEPS TO TAKE RIGHT NOW

Healthcare organizations could take three immediate actions to secure their systems, including a multi-layered approach to network defenses, with a focus on securing the email channel and identifying and protecting the organization’s VAPs.

“Email remains the cybercriminals’ attack vector of choice, both at scale and in targeted attacks,” Dawson said.

In addition to firewalls and other perimeter security, a dedicated advanced email security gateway must be in place, stopping threats before they ever reach employees – and providing mitigation solutions if they do.

“Be sure to deploy email authentication protocols such as DMARC and lookalike domain defenses as well to protect your organization from email fraudsters attempting to use your brand to lure victims,” Dawson said.

Second, a cloud access security broker (CASB) solution will help provide the visibility needed to safeguard the organization as it adopts Microsoft Office 365, Google G Suite, Box and other applications.

“Finally, train healthcare staff to spot cyber attacks that target them and understand the value of the information they handle,” Dawson said.

Nathan Eddy is a healthcare and technology freelancer based in Berlin. 

Email the writer: nathaneddy@gmail.com

Twitter: @dropdeaded209