Healthcare Organizations Experience 279 Increase in Abnormal
pHealthcare is a laudable industryhelping alleviate patient suffering improving health outcomes and keeping a highly complex interconnected system running But cybercriminals see things differently They recognize that healthcare organizations house valuable data and abhor slowdowns in their operations This makes them prime targets for attacks especially sociallyengineered attacks like business email compromise known as BEC ppAccording to Abnormal data the healthcare industry is experiencing a 167 increase in advanced email attacks in 2023 which includes BEC credential phishing malware and extortion While the year isnt over yet this signals the need for more sophisticated security to protect patients employees and the organizations themselves ppThe median number of advanced email attacks rose in early 2023 for the healthcare industry starting the year with an average of 5566 attacks per 1000 mailboxes in January and peaking in March at over 100 attacks per 1000 mailboxes Numbers dropped to more consistent levels of nearly 6116 attacks through the rest of the year But if last year is any indication these numbers are going to continue to rise until the holiday season when cybercriminals will take a short break before starting their work again in the new year ppThroughout a typical year cyberattacks ebb and flow Its entirely possible that the number of sophisticated attacks will dip over the 2023 winter holiday season but even so the overall number of sophisticated BEC attacks is significantly outpacing 2022ppTextbased BEC attacks do not have the volume of credential phishing or malwareaccounting for less than one attack per 1000 mailboxesbut they are on the rise Last August the healthcare industry received a median of 54 BEC attacks each week but that number jumped 54 to 83 attacks a year later And when looking at data only from JanuaryAugust the number of attacks increased significantly with an average of only 22 attacks last year to 84 attacks this yearan increase of 279 ppWhile the volume of BEC is minimal relative to other email attacks it remains the most dangerous attack type because it often leads to direct financial losses at an average of 125000 per attack according to the latest research from the FBI Identifying and stopping BEC is increasingly important but made difficult by the fact that these attacks are often textbased sent from legitimate domains and lack traditional indicators of compromise like a suspicious link or malicious attachment In many cases they are simply looking for information that can then be used for another attack like in this recent example stopped by AbnormalppWeve seen an increased number of requests for aging reports and healthcare is no exception In this email the attacker is impersonating the President and CEO of a healthcare network with more than 200 locations throughout the United States The email requests that the recipient send a copy of all updated aging statements for customers including the email addresses for the corresponding account payables departmentppWhile this email may look innocuous at first glance it can lead to disastrous consequences If the recipient were to respond with this information the attacker would then have legitimate contact and invoice information for all customers of the health network which would enable them to create realistic emails requesting that the outstanding payments be diverted into the account owned by the attacker Given how large this health network is and how many patients they see each day a successful attack like this could result in millions of dollars lost before the network realizes that there is an error in the payments their customers are sending ppIf 2022 is any indication the healthcare industry should be prepared for an additional influx of attacks in the latter half of this year Fortunately there are solutions available to prevent these attacks from reaching doctors nurses and healthcare staff By embracing sophisticated cloud email security healthcare organizations can dramatically improve their cybersecurity practicesppAbnormal Security leverages artificial intelligence and machine learning to create a baseline of good behaviors By understanding whats normal Abnormal can detect anomalous activity and block business email compromise invoice and payment fraud malware and other emailbased threats before they reach your employees ppSee other trends impacting healthcare in the latest email threat report Applications Abound Average Organization Now Integrates 379 ThirdParty Applications with Emailpp Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscapeppProtect your organization from the full spectrum of email attacks with Abnormalp