In 2023, we find ourselves in the midst of a growing cybersecurity concern within the healthcare sector – a surge in advanced email attacks. Recent insights underline the severity of this issue, with a distressing 167% uptick in advanced email attacks. These attacks encompass a spectrum of tactics, including business email compromise (BEC), malware infiltration, credential phishing, and extortion.

Cybercriminals have recognized the value of healthcare organizations’ data and their vulnerability to operational disruptions. Healthcare entities often fall prey to socially engineered attacks, particularly the notorious BEC.

In the early months of this year, there was an alarming average of 55.66 advanced email attacks per 1,000 mailboxes, reaching a staggering peak of over 100 attacks per 1,000 mailboxes in March.

Social engineering attacks, predominantly phishing, remain a prevalent and effective tactic for cybercriminals to breach healthcare networks. The H1 2023 Email Threat Report by Abnormal Security underscores the vulnerability of healthcare employees in this regard, trailing only behind employees in the transportation and automotive sectors in terms of engaging with malicious emails.

Moreover, this blog post draws attention to the mounting threat posed by text-based BEC attacks. A comparison of data from January to August in 2022 and 2023 reveals a substantial 279% increase in the median number of BEC attacks. These figures underline the urgent need for healthcare organizations to prioritize vigilance against BEC attacks, especially considering the insights from the FBI’s Internet Crime Complaint Center (IC3) report.

The report has shed light on the impact of phishing and the evolution of BEC schemes, with fraudsters adopting increasingly sophisticated tactics. In response to these critical threats, we recommend adopting proactive measures. These include comprehensive employee training programs aimed at identifying the warning signs of email compromise, coupled with the implementation of robust technical safeguards to fortify systems and protect sensitive data. 

Given the ever-changing nature of email attacks, the commitment to ongoing training and investment in cybersecurity measures is critical to safeguarding your organization and protecting your patients.

Medcurity offers a full HIPAA compliance training course for healthcare Compliance Officers and general employees. As part of Medcurity’s mission to bring clarity and confidence to HIPAA compliance, each step of our intuitive Security Risk Assessment includes helpful guidance and definitions. Do you know where the biggest threats to your cybersecurity lie? Conduct a Security Risk Assessment using the leading HIPAA tools and resources platform to find out. You can learn more about our custom, proven SRA by viewing a demo here. 

If you have any questions, please reach out to your team at Medcurity!