The report, by security firm Proofpoint, reveals that more than half of healthcare organisations globally were attacked more often, with incidents up between 200% and 600% during the two-year period.
Proofpoint says email fraud, also known as business email compromise (BEC), is one of today’s biggest cyber threats and, according to the FBI, BEC has cost organisations across the world US$12.5 billion, or over A$17.5 billion, since the end of 2013.
As part of these attacks, Proofpoint says cyber criminals often use identity deception tactics, such as domain spoofing, to pose as trusted colleagues and business partners. In Q4 2018, 95% of healthcare organisations were targeted by an attack using their own trusted domain.
“It is critical that organisations implement a multi-layered security approach to secure the email gateway and educate employees on cyber security best practices. Employees should always confirm the source of all emails that are sent to their personal and corporate email inboxes and be wary of emails that urgently request a password change, patient data, or a link be clicked.”
Proofpoint lists additional healthcare research findings as:
- Wire-transfer fraud is the most common form of email fraud for healthcare.
- Sixty-five staff members on average were attacked in Q4 2018 within targeted healthcare organisations.
- Forty-five percent of emails sent from healthcare-owned domains in Q4 2018 appeared suspicious. Of these, 65% were sent to employees, 42% were sent to patients, and 15% were sent to business partners.
- The highest volume of email fraud attacks targeting healthcare arrived on weekdays between 7am and 1pm in the targets’ time zone.