68% of Healthcare Organizations Have Compromised Email Accounts

Evolve IP has published the results of a new study that has revealed the extent to which healthcare email credentials are being compromised and sold on the dark web. The FBI has also recently warned about Business Email Compromise (BEC).

Email credentials are highly valuable to cybercriminals. A compromised email account can be plundered to obtain highly sensitive data and an email account can be used to gain access to healthcare networks.

63% of data breaches in the United States occur as a result of compromised email credentials and healthcare email credentials are being sold freely on the dark web.

Evolve used its Dark Web ID analysis technology for the study and reviewed 1,000 HIPAA covered entities and business associates. Evolve discovered 68% of those organizations have employees with visibly compromised email accounts. 76% of those compromised accounts included actionable password information and that information was freely available on the dark web.

Depending on the industry segment, between 55.6% and 80.4% of organizations had compromised email accounts. Medical billing and collections organizations fared the best, with 55.6% of organizations having at least one compromised account, while regional healthcare plans the worst affected with 80.4% of organizations having compromised email accounts.

Evolve points out that in many cases the passwords associated with the email accounts were outdated, but explained that even outdated passwords are valuable to hackers.

Passwords are often recycled, so an old password could allow a hacker to gain access to other online accounts. Evolve also says “hackers can create a user profile and determine a person’s new password fairly accurately by using simple guessing or sophisticated automated algorithms.” Even when passwords are hashed, hackers can crack the hash, conduct brute force attacks and use lookup, reverse lookup, and rainbow tables to guess the passwords.

In the majority of cases, email accounts were compromised as a result of a data breach (55% of compromised accounts). While just 6% of compromised accounts were the result of a phishing attack, Evolve points out that equated to 450 separate email accounts that were compromised as a direct result of phishing attacks.

Preventing email compromise incidents is an essential part of any cybersecurity strategy. Evolve suggests three main methods that all healthcare organizations should embrace to reduce risk: Proactive threat intelligence, continuous security management, and rapid incident response and recovery.

By obtaining up to date threat intelligence, healthcare organizations can discover the latest vulnerabilities and threats before they are exploited by criminals. Continuous security management should involve real-time security analyses and infrastructure management, which will help healthcare organizations stay one step ahead of hackers.

Even if security best practices are adopted and the latest cybersecurity technologies are implemented, it will not be possible to prevent all security breaches. Organizations must therefore have the policies and procedures in place to ensure a quick recovery. Fast action following a security breach will limit the harm caused.

The EvolveIP Report can be found on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.