Healthcare Email Fraud Attack Attempts Jump 473% Over Two Years

February 11, 2019
Ryan Terry

More and more, cybercriminals are exploiting people within healthcare organizations, rather than technology.  These targeted people within your organizations may not be who you expect.  Anyone can be a VAP – very attacked person. When you think about protecting your organization, you’ve got to start by protecting your people.

Imagine a staff member working in your health institution’s finance department.  It’s about 11:00 a.m. on a Tuesday and this person is performing their job as they normally would.  They receive an email from a business associate with the subject “payment”, indicating that the associate’s account information has changed and requesting that it be updated for future payments.  This email doesn’t raise any alarm bells: the two people have communicated via email in the past, and the request fits within this staff member’s job responsibilities.  Time passes, and the business associate finally reaches out, complaining that they have not received the expected payments.  Only then do the staff member and the organization realize they’ve fallen victim to email fraud.

Email fraud is a growing problem and is costing organizations around the world billions of dollars.  For healthcare organizations specifically, fraudsters are targeting your staff, your patients, and your business associates with email fraud attacks.

To better understand how email fraud is impacting healthcare organizations around the world, Proofpoint analyzed email fraud attacks targeting more than 450 healthcare organizations in 2017 and 2018.  Here are some of our findings:

How Email Fraud is Impacting Healthcare Organizations

The average number of email fraud attacks targeting a given healthcare organization in Q4 2018 was 96.  That’s a 473% increase over Q1 2017.  This means that criminals are targeting more people, across more business units, within healthcare organizations.  In fact, the average number of staff members, or employees, targeted by email fraud was 65 in Q4 2018, and the median number was 23.  Because healthcare organizations are often complex and decentralized, it can be challenging to identify and protect the VAPs.  Fraudsters are also taking on more identities within healthcare organizations to make these requests.  The average number of identities spoofed within a given healthcare organization was 15 in the same quarter.

How Fraudsters are Targeting Staff Members/Employees

Most email fraud attacks are sent on weekdays between 7:00am and 1:00pm in the targeted person’s local time zone.  This makes sense as these attacks are socially engineered to be as believable as possible.  A business associate, for example, is less likely to request payment information be updated after working hours or during a weekend.

Wire-transfer fraud is the leading form of email fraud in healthcare.  The most popular email subject categories used to target healthcare have included: “payment”, “request”, and “urgent”.

Identity Deception Tactics Used to Target Healthcare Organizations

A common tactic used to launch email fraud was to use a webmail service and change the display name (display name spoofing) to impersonate a person of authority.  From 2017 to 2018, 33% of these attacks targeting healthcare used Gmail.com, AOL.com, Comcast.net, Inbox.lv, or RR.com.

95% of healthcare organizations were targeted by an attack using their own trusted domain and 100% of these organizations had their domain spoofed to target both patients and business associates.  This form of domain abuse is called domain spoofing.

In 2017 and 2018, 67% of healthcare organizations were targeted by attacks launched from lookalike domains.  These are domains registered by third parties that imitate the organization’s domain by swapping characters (e.g. a “0” for an “o”) or inserting additional characters (e.g. an “s” or an “r”).
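As an added example (not code from the post or from any Proofpoint product), the following Python classifier flags the three identity deception tactics described above on an inbound From: header: an unauthenticated message from the organization’s own domain (domain spoofing), a domain whose first label imitates it by homoglyph swaps or inserted characters (lookalike domain), and a known staff name sent from one of the webmail providers named in the post (display name spoofing). The organization domain, staff names, homoglyph table and the gateway’s SPF/DKIM/DMARC verdict are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed example values for an assumed organization; not from the post.
OWN_DOMAIN = "example-health.org"
STAFF_NAMES = {"jane doe", "john smith"}      # names fraudsters might borrow
# Free webmail providers named in the post as sources of display-name spoofing
WEBMAIL = {"gmail.com", "aol.com", "comcast.net", "inbox.lv", "rr.com"}
# Character swaps commonly used to build lookalike domains (assumed table)
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
# Subject words the post reports as the most popular in healthcare email fraud
SUSPECT_SUBJECTS = ("payment", "request", "urgent")

def normalize(label):
    """Undo common homoglyph swaps so '0' reads as 'o', 'rn' as 'm', etc."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance: counts swapped, inserted or deleted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain):
    """True if the sender domain's first label imitates ours but is not ours."""
    if domain == OWN_DOMAIN:
        return False
    own = OWN_DOMAIN.split(".")[0]
    label = normalize(domain.split(".")[0])
    return edit_distance(label, own) <= 2   # a swap or one or two inserted chars

def classify_sender(from_header, auth_pass):
    """Map a From: header to the tactic it shows. auth_pass is the gateway's
    SPF/DKIM/DMARC verdict for the message (assumed to be available)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain == OWN_DOMAIN:
        return "internal" if auth_pass else "domain-spoofing"
    if is_lookalike(domain):
        return "lookalike-domain"
    if domain in WEBMAIL and name.strip().lower() in STAFF_NAMES:
        return "display-name-spoofing"
    return "no-indicator"

def risky_subject(subject):
    """Flag the subject categories the post associates with wire-transfer fraud."""
    return any(word in subject.lower() for word in SUSPECT_SUBJECTS)
```

The edit-distance threshold and homoglyph table are tuning knobs; a real deployment would also compare against the organization’s other registered domains and against business associates’ domains, since the post reports those being imitated as well.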

Healthcare Organizations Can Protect Themselves from Email Fraud

Email fraud is a 360-degree problem – involving multiple stakeholders and identity deception tactics – and you need a 360-degree solution.  Protect your staff, patients, and business associates with controls that will block all fraud tactics: display name spoofing, domain spoofing, and lookalike domains. 

To learn more about how email fraud is impacting the healthcare industry, read the full report: https://www.proofpoint.com/us/resources/threat-reports/healthcare-email-fraud-report 
