Healthcare Email Fraud Attacks Have Increased 473% in 2 Years
Feb14

Healthcare Email Fraud Attacks Have Increased 473% in 2 Years

A recent report from Proofpoint has revealed healthcare email fraud attacks have increased 473% in the past two years. Email fraud, also known as business email compromise (BEC), is one of the biggest cyber threats faced by businesses. Successful attacks can result in losses of hundreds of thousands or even millions of dollars. Figures from the FBI suggest that globally, $12.5 billion has been lost to these email fraud attacks since 2013. These email attacks are highly targeted and typically involve the spoofing of email addresses to make emails appear to have been sent internally or from a trusted individual. They often involve the use of a genuine email account within an organization that has previously been compromised in a phishing or spear phishing attack. The attacks are usually conducted to obtain sensitive data such as employee tax information or patient information, to obtain credentials to be used in further attacks, and for wire fraud. Wire fraud is the most common form of email fraud in healthcare. For the report, Proofpoint analyzed more than 160 billion emails sent by...

Read More
Study Reveals Healthcare Industry Employees Struggling to Understand Data Security Risks
Apr30

Study Reveals Healthcare Industry Employees Struggling to Understand Data Security Risks

The recently published Beyond the Phish Report from Wombat Security, now a division of Proofpoint, has revealed healthcare employees have a lack of understanding of common security threats. For the report, Wombat Security compiled data from nearly 85 million questions and answers posed to customers’ end users across 12 categories and 16 industries. Respondents were asked about security best practices that would help them avoid ransomware attacks, malware installations, and phishing attacks and established the level of expertise at protecting confidential information, defending against email and web-based scams, securing mobile devices, working safely in remote locations, identifying physical risks, disposing of sensitive information securely, using strong passwords, and safe use of social media and the web. Overall, the healthcare industry performed second worst for security awareness, just ahead of the hospitality industry, with the survey highlighting several areas of weakness that could potentially be exploited by cybercriminals to gain access to healthcare networks and...

Read More
Phishing Attacks Using Malicious URLs Rose 600 Percent in Q3, 2017
Oct27

Phishing Attacks Using Malicious URLs Rose 600 Percent in Q3, 2017

As recent healthcare breach notices have shown, phishing poses a major threat to the confidentiality of protected health information (PHI). The past few weeks have seen several healthcare organizations announce email accounts containing the PHI of thousands of patients have been accessed by unauthorized individuals as a result of healthcare employees responding to phishing emails. Report Shows Massive Rise in Phishing Attacks Using Malicious URLs This week has seen the publication of a new report that confirms there has been a major increase in malicious email volume over the past few months. Proofpoint’s Quarterly Threat Report, published on October 26, shows malicious email volume soared in quarter 3, 2017. Compared to the volume of malicious emails recorded in quarter 2, there was an 85% rise in malicious emails in Q3. While attachments have long been used to deliver malware downloaders and other malicious code, Q3 saw a massive rise in phishing attacks using malicious URLs. Clicking those links directs end users to websites where malware is downloaded or login credentials are...

Read More
New Ransomware and Phishing Warnings for Healthcare Organizations
Aug30

New Ransomware and Phishing Warnings for Healthcare Organizations

Warnings have been issued about a new ransomware variant that is being used in targeted attacks on healthcare organizations and IRS, FBI and Hurricane Harvey themed phishing attacks. Defray Ransomware A new ransomware variant is being used in highly targeted attacks on healthcare organizations in the United States and United Kingdom. Defray ransomware is being distributed in small email campaigns using carefully crafted messages specifically developed to maximize the probability of a response from healthcare providers. The messages claim to have been sent from the Director of Information Management and Technology at the targeted organization and include the hospital’s logos. The documents claim to be patient reports detailing important information for patients, relatives and carers. The messages are being sent to specific individuals in organizations and via distribution lists. The campaigns involve Microsoft Word documents with embedded OLE packager shell objects. Clicking the embedded executable to view the content of the document will see Defray ransomware downloaded. There is...

Read More