Wednesday, May 22, 2019

Email Fraud Attacks on Healthcare Jumped 473% Since 2017


This is a shocking stat, but in the last 2 years healthcare systems have seen a tremendous increase in fraud attacks launched via email.  By tremendous, I mean 473% tremendous.  That is no small number and given the amount of data that can be purloined via breaking into a repository of medical records, it is definitely an indication of just how vigilant we need to be of threats to our data security.

I recently read that the value of a medical record is around $20 apiece to those purchasing them, while viable credit card numbers are worth about $0.50… that’s right.  A credit card number is worth 50 cents while a medical record is worth twenty dollars.  Personally I would have never thought our records were actually worth that much, but that is what the market is paying.

I have had a chance to peruse the Healthcare Email Fraud Report  that has been put together from security company ProofPoint.  The information is fascinating and also a bit frightening.  As Dentistry’s “Technology Evangelist” I look upon my job as to not only present information on new devices, techniques, and materials, but to also help with things such as security and help with HIPAA and other data protection issues.  To that end, that’s why you are seeing more and more posts here leading off with my “biohazard” graphic (seen here at the top of this post) because things are just getting crazier from a standpoint of protection.

Recently I’ve become quite interested in a company called “ProofPoint” because they seem to be doing a very commendable job or monitoring the trends in the security aspects of our profession.  Like any aspect of our profession, you cannot have too much good information and ProofPoint is a powerhouse when it comes to tracking and warning of the problems we are facing every day.  

Proofpoint regularly conducts extensive research to highlight
the threats, trends, and key takeaways we see within our large
customer base and in the wider threat landscape.

Every day, we analyze more than 5 billion email messages,
hundreds of millions of social media posts and more than 250
million malware samples to protect organizations around the
world from advanced threats. We continue to see sophisticated
threats across email, social media and the web. That gives us a
unique vantage point from which to reveal and analyze the tactics,
tools and targets of today’s cyber attacks.
Here are some of their  Key Findings:


Healthcare organizations were targeted in 96 email fraud attacks on average in Q4 2018—
a 473% jump over Q1 2017.
Wire-transfer fraud is healthcare’s most common form of email fraud.
Within targeted healthcare organizations, 65 staff members were attacked in Q4 2018
on average.
The largest volume of email fraud attacks targeting healthcare arrived on weekdays between
7 a.m. and 1 p.m. in the targets’ time zone.
95% of healthcare organizations were targeted by an attack using their own trusted domain.
And all of them had their domain spoofed to target patients and business partners.
45% of all email sent from healthcare-owned domains in Q4 appeared suspicious, including
65% sent to employees, 42% sent to patients, and 15% sent to business partners.

For more information on the state of security in healthcare and to be able to access reports as well as read their very informative blog, head over to the ProofPoint website and bookmark it.  I think you’ll find it a great place to learn more.  I know that I certainly have.

No comments:

Post a Comment