chat
expand_more

Healthcare Organizations Experience 279% Increase in Business Email Compromise in 2023

Email attacks like BEC against the healthcare industry are on the rise in 2023. Protect yourself with sophisticated cloud-native email security.
September 26, 2023

Healthcare is a laudable industry—helping alleviate patient suffering, improving health outcomes, and keeping a highly complex, interconnected system running. But cybercriminals see things differently. They recognize that healthcare organizations house valuable data and abhor slow-downs in their operations. This makes them prime targets for attacks, especially socially-engineered attacks like business email compromise, known as BEC.

According to Abnormal data, the healthcare industry is experiencing a 167% increase in advanced email attacks in 2023, which includes BEC, credential phishing, malware, and extortion. While the year isn’t over yet, this signals the need for more sophisticated security to protect patients, employees, and the organizations themselves.

Healthcare1

The median number of advanced email attacks rose in early 2023 for the healthcare industry, starting the year with an average of 55.66 attacks per 1,000 mailboxes in January and peaking in March at over 100 attacks per 1,000 mailboxes. Numbers dropped to more consistent levels of nearly 61.16 attacks through the rest of the year. But if last year is any indication, these numbers are going to continue to rise until the holiday season, when cybercriminals will take a short break before starting their work again in the new year.

Social Engineering Attacks Increase by 279% for Healthcare

Throughout a typical year, cyberattacks ebb and flow. It’s entirely possible that the number of sophisticated attacks will dip over the 2023 winter holiday season, but even so, the overall number of sophisticated BEC attacks is significantly outpacing 2022.

Text-based BEC attacks do not have the volume of credential phishing or malware—accounting for less than one attack per 1,000 mailboxes—but they are on the rise. Last August, the healthcare industry received a median of .54 BEC attacks each week, but that number jumped 54% to .83 attacks a year later. And when looking at data only from January-August, the number of attacks increased significantly, with an average of only .22 attacks last year to .84 attacks this year—an increase of 279%.

Healthcare2

While the volume of BEC is minimal relative to other email attacks, it remains the most dangerous attack type because it often leads to direct financial losses at an average of $125,000 per attack, according to the latest research from the FBI. Identifying and stopping BEC is increasingly important, but made difficult by the fact that these attacks are often text-based, sent from legitimate domains, and lack traditional indicators of compromise like a suspicious link or malicious attachment. In many cases, they are simply looking for information that can then be used for another attack, like in this recent example stopped by Abnormal.

We’ve seen an increased number of requests for aging reports, and healthcare is no exception. In this email, the attacker is impersonating the President and CEO of a healthcare network with more than 200 locations throughout the United States. The email requests that the recipient send a copy of all updated aging statements for customers, including the email addresses for the corresponding account payables department.

Healthcare3

While this email may look innocuous at first glance, it can lead to disastrous consequences. If the recipient were to respond with this information, the attacker would then have legitimate contact and invoice information for all customers of the health network, which would enable them to create realistic emails requesting that the outstanding payments be diverted into the account owned by the attacker. Given how large this health network is and how many patients they see each day, a successful attack like this could result in millions of dollars lost before the network realizes that there is an error in the payments their customers are sending.

Defending Healthcare Organizations Against Sophisticated Email-Based Attacks

If 2022 is any indication, the healthcare industry should be prepared for an additional influx of attacks in the latter half of this year. Fortunately, there are solutions available to prevent these attacks from reaching doctors, nurses, and healthcare staff. By embracing sophisticated cloud email security, healthcare organizations can dramatically improve their cybersecurity practices.

Abnormal Security leverages artificial intelligence and machine learning to create a baseline of good behaviors. By understanding what’s normal, Abnormal can detect anomalous activity and block business email compromise, invoice and payment fraud, malware, and other email-based threats before they reach your employees.

See other trends impacting healthcare in the latest email threat report; Applications Abound: Average Organization Now Integrates 379 Third-Party Applications with Email.

Schedule a Demo
Healthcare Organizations Experience 279% Increase in Business Email Compromise in 2023

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Complex Case of Account Compromise Blog
Discover how Abnormal helped one organization detect the sophisticated tactics an attacker used to compromise an employee's email account.
Read More
B Cross Platform Account Takeover
Discover the dangers of cross-platform account takeover, the challenges of detecting this attack, and how to implement proactive protection against ATO.
Read More
B 5 17 24 Legal
Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.
Read More
B Cybersecurity Influencers Blog 2024
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 15 innovative and influential thought leaders on social media.
Read More
B 5 13 24 Docusign
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.
Read More
B CRN
Abnormal employees honored as CRN 2024 Women of the Channel for their influential leadership in the tech industry.
Read More