Healthcare Email Fraud Attack Attempts Jump 473% Over Two Years


More and more, cybercriminals are exploiting people within healthcare organisations, rather than technology.  These targeted people within your organisations may not be who you expect.  Anyone can be a VAP – very attacked person. When you think about protecting your organisation, you’ve got to start by protecting your people.

Imagine a staff member working in your health institution’s finance department.  It’s about 11:00am on a Tuesday and this person is performing their job as they normally would.  They receive an email from a business associate with the subject “payment”, indicating that the associate’s account information has changed and requesting that it be updated for future payments.  This email doesn’t raise any alarm bells, as these two people have communicated with each other via email in the past and the request fits within this staff member’s job responsibilities.  Time passes, and the business associate finally reaches out – complaining that they have not received the payments they are owed.  Only then do the staff member and the organisation realise they’ve fallen victim to email fraud.

Email fraud is a growing problem and is costing organisations around the world billions of dollars.  For healthcare organisations specifically, fraudsters are targeting your staff, your patients, and your business associates with email fraud attacks.

To better understand how email fraud is impacting healthcare organisations around the world, Proofpoint analysed email fraud attacks targeting more than 450 healthcare organisations in 2017 and 2018.  Here are some of our findings:

How Email Fraud is Impacting Healthcare Organisations

[Chart: Targeted healthcare organisation email fraud attacks per quarter]

The average number of email fraud attacks targeting a given healthcare organisation in Q4 2018 was 96.  That’s a 473% increase over Q1 2017.  This means that criminals are targeting more people, across more business units, within healthcare organisations.  In fact, the average number of staff members, or employees, targeted by email fraud was 65 in Q4 2018 – and the median number was 23.  Because healthcare organisations are often complex and decentralised, it can be challenging to identify and protect the VAPs.  Fraudsters are also taking on more identities within healthcare organisations to make these requests.  The average number of identities spoofed within a given healthcare organisation was 15 in the same quarter.

How Fraudsters are Targeting Staff Members/Employees

[Chart: Email fraud attacks sent by day of the week]

Most email fraud attacks are sent on weekdays between 7:00am and 1:00pm in the targeted person’s local time zone.  This makes sense as these attacks are socially engineered to be as believable as possible.  A business associate, for example, is less likely to request payment information be updated after working hours or during a weekend.

Wire-transfer fraud is the leading form of email fraud in healthcare.  The most popular email subject categories used to target healthcare have included: “payment”, “request”, and “urgent”.

Identity Deception Tactics Used to Target Healthcare Organisations

A common tactic used to launch email fraud was to use a webmail service and change the display name (display name spoofing) to impersonate a person of authority.  From 2017 – 2018, 33% of these attacks targeting healthcare used,,,, or

95% of healthcare organisations were targeted by an attack using their own trusted domain and 100% of these organisations had their domain spoofed to target both patients and business associates.  This form of domain abuse is called domain spoofing.

In 2017 and 2018, 67% of healthcare organisations were targeted by attacks launched from lookalike domains.  These are domains registered by third parties that resemble the organisation’s real domain, typically by swapping characters (e.g. a “0” for an “o”) or inserting additional characters (e.g. an “s” or an “r”).
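The three identity-deception tactics described above (display name spoofing from a webmail account, abuse of the organisation’s own domain, and lookalike domains) can be triaged from the From: header alone, which is what a mail-gateway rule or a SOC enrichment script would do first. The example below is added here and is not code from the post or from Proofpoint; the trusted domain, the executive name, the webmail-provider list and the sample headers are all constructed for illustration. It folds the confusable characters the post mentions (“0” for “o”) before comparing domains, and treats any domain within one edit of a trusted domain as a lookalike. A message that genuinely carries the organisation’s own domain can only be confirmed or rejected by the SPF/DKIM/DMARC result, which this offline example does not have, so it is marked for that check rather than judged.

```python
# Added example (not from the Proofpoint post): flag From: headers that use the
# identity-deception tactics the post describes - display name spoofing via a
# webmail address, the organisation's own domain, and lookalike domains built
# by swapping or inserting characters.
from email.utils import parseaddr

# Constructed sample data: the "trusted" organisation and a person whose name a
# fraudster might borrow for the display name (both hypothetical).
TRUSTED_DOMAINS = {"northcoast-health.org"}
KNOWN_PEOPLE = {"jane doe": "jane.doe@northcoast-health.org"}

# Free webmail providers (assumption for this example; the post does not name them).
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Character confusions: the "0" for "o" swap the post mentions plus a few common ones.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalise(label: str) -> str:
    """Lower-case and collapse confusable characters so '0' and 'o' compare equal."""
    label = label.lower()
    for bad, good in CONFUSABLES.items():
        label = label.replace(bad, good)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one swapped or one inserted character gives 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when the domain is not trusted but sits within one edit of a trusted domain."""
    if domain in TRUSTED_DOMAINS:
        return False
    return any(edit_distance(normalise(domain), normalise(t)) <= 1 for t in TRUSTED_DOMAINS)


def classify(from_header: str) -> dict:
    """Return the parsed sender plus a list of findings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    if domain in TRUSTED_DOMAINS:
        # Own domain in From: is legitimate only if SPF/DKIM/DMARC passed;
        # that verdict is not available offline, so hand it to that check.
        findings.append("own-domain-check-dmarc")
    elif is_lookalike(domain):
        findings.append("lookalike-domain")

    # Display name spoofing: a known person's name on an address that is not theirs.
    known = KNOWN_PEOPLE.get(name.strip().lower())
    if known and known.lower() != addr.lower():
        findings.append("display-name-spoof")
        if domain in WEBMAIL_DOMAINS:
            findings.append("webmail-sender")

    return {"name": name, "address": addr, "domain": domain, "findings": findings}


# Constructed From: header values covering each tactic plus one benign sender.
SAMPLE_FROM_HEADERS = [
    "Jane Doe <jane.doe@northcoast-health.org>",     # own domain: defer to DMARC result
    "Jane Doe <jane.doe.ceo@gmail.com>",             # display name spoofing via webmail
    "Accounts <payments@n0rthcoast-health.org>",     # "0" swapped for "o"
    "Accounts <payments@northcoast-healths.org>",    # inserted "s"
    "Vendor Inc <ap@vendor-inc.example>",            # unrelated domain, not flagged
]


def triage(headers=SAMPLE_FROM_HEADERS) -> list:
    """Classify every header; returns one result dict per header, in order."""
    return [classify(h) for h in headers]


if __name__ == "__main__":
    for result in triage():
        print(f"{result['address']:45} {', '.join(result['findings']) or 'clean'}")
```

The one-edit threshold is deliberately tight: widening it catches more registrations but starts flagging unrelated short domains, so a production rule would usually compare the registrable label only and pair the lookalike check with a registration-age lookup rather than raising the distance.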

Healthcare Organisations Can Protect Themselves from Email Fraud

Email fraud is a 360-degree problem – involving multiple stakeholders and identity deception tactics – and you need a 360-degree solution.  Protect your staff, patients, and business associates with controls that will block all fraud tactics: display name spoofing, domain spoofing, and lookalike domains. 

To learn more about how email fraud is impacting the healthcare industry, read the full report: 

Click here to learn about how Proofpoint EFD360 can help you solve the email fraud challenge.