Critical Condition: Spike in Email Attacks Targeting the Healthcare Industry
Our healthcare system saves millions of lives every year and, according to the Bureau of Labor Statistics, is the nation’s leading driver of job growth. As one of the fastest-growing and most essential industries, it’s incredibly valuable to our society—which also makes it a prime target for cybercriminals.
Despite continued efforts by healthcare security leaders to beef up cybersecurity infrastructure and employee security knowledge, email attacks are still on the rise. With cybercriminals continuing to leverage increasingly sophisticated tactics, it's more important than ever for healthcare organizations to understand evolving threats and how to protect against them.
What Makes Healthcare an Appealing Target for Cybercrime
No industry is safe from cybercrime, but there are a few reasons healthcare is an especially popular mark.
First, healthcare organizations store vast quantities of highly valuable, sensitive data—such as patients’ personal information, medical records, and financial details—which can fetch a sizeable return on the dark web. In fact, one researcher says medical information can be sold for 20x the going rate of credit card numbers. Capturing even a small amount of patient data can make for a hefty payday.
Additionally, any disruption to healthcare systems can have dire consequences. Not only do breaches negatively impact organizations’ reputations and threaten their financial stability, but patients’ lives hang in the balance. In other words, healthcare leaders have plenty of incentive to pay even the most exorbitant ransom fees—and cybercriminals know it.
To complicate matters further, healthcare is a highly regulated industry. Organizations are under significant pressure to follow compliance requirements, and regulating bodies don’t always factor emerging cybersecurity tactics into their policies and procedures. As a result, healthcare institutions may be working with outdated legacy security systems and methods that leave them especially vulnerable to advanced threats. Plus, like most industries, healthcare is becoming increasingly reliant on tech—and each new third-party application or vendor represents another vector to exploit.
60% Growth in Vendor Email Compromise Attacks on Healthcare Organizations
The monthly volume of attacks on healthcare organizations has fluctuated over the past year, with some months seeing considerably more than others. However, vendor email compromise (VEC) has consistently trended upward, recording a 60% increase between August 2023 and August 2024.
VEC is a complex but highly lucrative attack method that relies on social engineering to take advantage of employees' trust. Unlike business email compromise, where attackers pose as internal staff, VEC threat actors impersonate service providers, suppliers, distributors, or other vendors to trick employees into processing fake invoices or altering bank information in the organization's accounts payable system.
In many cases, cybercriminals take over a vendor’s email account and insert themselves into existing email threads with their targets. Because these messages originate from a known and trusted email account, they often bypass traditional email security solutions. And since many threat actors have begun leveraging generative AI tools that expertly mimic a victim’s communication style and tone, they don’t always raise suspicion in employees either.
Additionally, healthcare organizations maintain large networks of suppliers and third-party service providers, which can be challenging to defend. Many hospitals and clinics work with the same vendors for several years, building long-term, trusted relationships that can be relatively easy for threat actors to exploit. Even employees who know better than to send confidential information via email can be caught off-guard by a request they believe came from a respected contact they engage with regularly.
Phishing Attacks Targeting Healthcare Industry Grow 37%
While phishing ranks in the lower third of all attack types monitored by the FBI Internet Crime Complaint Center (IC3) in terms of total losses, it’s often just the initial move in a broader scheme. Frequently, phishing serves as a gateway for attackers to establish a foothold, rather than being the ultimate objective.
Between August 2023 and August 2024, the number of phishing attacks on healthcare organizations increased by 37%.
Phishing emails used to be easier to spot, often riddled with obvious red flags like bad grammar, frequent misspellings, and unconvincing impersonations. Today, however, with the help of tools like Google Translate and AI platforms like ChatGPT, attackers can create polished, grammatically correct, and well-written emails that are tailored specifically to their targets.
For healthcare professionals in particular, a high rate of turnover in larger healthcare organizations and hospital systems means employees are less likely to know their colleagues personally, making impersonation easier. Healthcare providers also often work in high-pressure situations with tight schedules and heavy workloads, which can lead to less scrutiny of emails and an increased likelihood of opening malicious messages.
Protecting Healthcare Organizations from Sophisticated Email Attacks
Threat actors have learned to evolve, subvert expectations, and leverage sophisticated strategies that make their actions nearly impossible for traditional security software to detect. Unfortunately, it only takes one successful attack to cause catastrophic damage.
While security awareness training helps employees improve their habits, it can’t mitigate the threats hiding behind genuine-looking communications. Without the telltale signs most people associate with email attacks—like misspellings, odd phrasing, and unfamiliar senders—modern threats can easily slip under the radar.
Abnormal Security leverages machine learning and artificial intelligence to detect unusual activity and block email attacks from reaching employees. The system starts by creating a baseline of typical behaviors across the organization so it can rapidly identify potential threats and remediate them before they have a chance to wreak havoc. With an AI-native solution like Abnormal, healthcare organizations can protect themselves even as the email threat landscape continues to evolve.