A new report published by Abnormal Security reveals that business email compromise (BEC) attacks in the healthcare sector have surged by 279% this year. These attacks, along with other advanced email threats, have seen a 167% increase, encompassing credential phishing, malware, and extortion.
The data shows that the average number of advanced email attacks per 1000 mailboxes in the healthcare sector started at 55.66 in January 2023 and reached a peak of over 100 in March. While the numbers have somewhat stabilized at around 61.16 attacks per 1000 mailboxes for the remainder of the year, historical trends suggest a potential spike during the holiday season.
While BEC attacks may not be as numerous as other email threats, they pose significant financial risks. The FBI reports that the average financial loss per BEC attack is $125,000. These attacks are particularly concerning because they often appear as text-based messages, originating from legitimate domains and lacking the typical signs of compromise.
One example highlighted in the report underscores the potential harm caused by such threats. An attacker impersonated the president and CEO of a healthcare network, requesting updated aging statements for customers, including email addresses for the account payables department. Responding to this seemingly harmless email could grant the attacker access to critical financial information, allowing them to divert payments and leading to substantial losses for the healthcare network.
As the year progresses, the healthcare industry should anticipate a continued surge in email attacks. Abnormal Security advises organizations to prepare for an additional influx of attacks in the latter half of the year. Embracing sophisticated cloud email security solutions can significantly enhance cybersecurity practices and prevent these attacks from reaching healthcare staff.
Source: Abnormal Security
More information on attacks against the healthcare industry: NextGen Healthcare Data Breach: One Million Patient Records Affected.