Healthcare Organizations have Become Hotbed for Phishing Email Attacks in First Quarter of 2019

• There has been a 300% jump in imposter emails sent to healthcare organizations during the first quarter of 2019.
• 77% of email attacks launched used malicious URLs.

Healthcare firms hold a trove of patients’ sensitive data which if compromised can result in identity theft, taking undue advantage of services and more. The common trick used by attackers to steal this data involves sending phishing emails that include unsafe attachments.

A new study by Proofpoint reveals that there has been a 300% jump in imposter emails sent to healthcare organizations during the first quarter of 2019.

What are the other major key findings?

Other key findings included in Proofpoint’s ‘2019 Healthcare Threat report’ include:

• 77% of email attacks launched used malicious URLs.
• 95% of targeted healthcare companies saw emails spoofing their trusted domains or patients. The spoofed domains belonged to business partners of the targeted healthcare companies.
• Apart from VIP and other high-ranking workers, attackers leveraged various other factors such as access to right data to make anyone a very attacked person.
• Subject lines of 55% of all imposter email attacks included ‘payment’, request’ and ‘urgent’ related terms.
• An average of 65 staff members were attackers in each healthcare firm targeted in the Q1 2019.

Common malware used

• Most of the unsafe attachments - included in phishing emails - were used to deliver banking Trojans. Such malware accounted for 41% of malicious payloads.
• Of all banking trojans, Emotet was observed in 60% of banking trojan-related phishing attacks. Given the versatile nature of the trojan, Emotet can pose a growing threat to healthcare firms. Emotet can serve as a downloader, information stealer, spambot and more.

Recommendations

Hospitals and medical centers should increasingly focus on insider threats. Often a human error is the main factor behind a successful phishing email attack. Thus, healthcare should create a culture of security within their organizations.