Security Market Segment LS
Tuesday, 12 February 2019 11:07

Healthcare comes under sustained email fraud attack

Healthcare comes under sustained email fraud attack Image courtesy of Stuart Miles at

Healthcare organisations were targeted in 96 email fraud attacks on average in the fourth quarter of 2018 – a 473% jump from the first quarter of 2017, according to a new global cyber security report.

The report, by security firm Proofpoint, reveals that more than half of healthcare organisations globally were attacked more often, with incidents up between 200% and 600% during the two-year period.

Proofpoint says email fraud, also known as business email compromise, is one of today’s biggest cyber threats and, according to the FBI, BEC has cost organisations across the world US$12.5 billion — or over A$17.5 billion — since the end of 2013.

As part of these attacks, Proofpoint says cyber criminals often use identity deception tactics, such as domain spoofing, to pose as trusted colleagues and business partners, and in Q4 2018, 95% of healthcare organisations were targeted by an attack using their own trusted domain.

“Healthcare organisations are high-value targets for cybercriminals due to the large amounts of personal information that they store. Unfortunately, these organisations are also extremely vulnerable to email-based attacks as their often-complex supply chains offer multiple opportunities for cyber criminals to insert themselves into various business transactions and trick employees into sharing information or wiring funds,” said Tim Bentley, Proofpoint’s vice-president of Asia-Pacific and Japan.

“It is critical that organisations implement a multi-layered security approach to secure the email gateway and educate employees on cyber security best practices. Employees should always confirm the source of all emails that are sent to their personal and corporate email inboxes and be wary of emails that urgently request a password change, patient data, or a link be clicked.”

Proofpoint lists additional healthcare research findings as:

  • Wire-transfer fraud is the most common form of email fraud for healthcare.
  • Sixty-five staff members on average were attacked in Q4 2018 within targeted healthcare organisations.
  • Forty-five percent of emails sent from healthcare-owned domains in Q4 2018 appeared suspicious. Of these, 65% were sent to employees, 42% were sent to patients, and 15% were sent to business partners.
  • The highest volume of email fraud attacks targeting healthcare arrived on weekdays between 7am and 1pm in the targets’ time zone.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments