Most Common Phishing Emails Used on Healthcare Organizations

Cofense recently revealed in a news report the most common healthcare phishing emails sent by hackers and which messages attract the most clicks.

The 2018 Cofense State of Phishing Defense Report gives information about the susceptibility or resiliency to phishing attacks and the responses to phishing emails. It also shows the seriousness of the phishing threat, and how top companies are handling the risk.

There is a high cost associated with phishing, as showcased in the settlement between Anthem Inc and the HHS’ Office for Civil Rights. Anthem paid $16 million to resolve HIPAA Rules violations that brought about the data breach involving 78.8 million records in 2015. In addition, Anthem paid $115 million to settle a class action lawsuit in connection with the breach. Today, the cost of resolving an average-sized breach is $3.86 million as per Ponemon/IBM Security, 2018.

Past Cofense research indicated that 91% of all data breaches were initiated by a phishing email. Research by Verizon showed that 92% of malware infections come about due to malicious email messages. Cofense also cited statistics from Symantec’s 2018 Internet Security Threat Report showing that an average of 16 malicious email messages land in the inbox of every email user each month.

Cofense is the top global company providing human-driven phishing defense solutions. 50% of Fortune 500 firms use Cofense’s phishing defense solutions to boost their resiliency to phishing attacks. In the most recent report, Cofense reviewed the results of over 135 million phishing simulations conducted through its program, along with roughly 50,000 real phishing threats that consumers reported.

Cofense records that one out of ten potentially malicious emails that end users reported was verified as malicious. 50% of the malicious messages were phishing emails created to trick end users into divulging their credentials.

Across the 23 industries represented in the study, 21% of the crimeware emails reported had malicious attachments. So far, fraudulent invoices were the most rampant theme of phishing emails in 2018, accounting for six of the ten most successful phishing campaigns.

Though attackers frequently use fake invoices in launching their phishing campaigns on healthcare companies, fake invoices are only the third most common type of healthcare phishing email (16.5%). In all other industries, fake invoices were the top phishing email threat. New email message alerts are the second most common healthcare phishing emails (25.5%). Fake payment notifications were the number one healthcare phishing emails (58%).

Conducting training and phishing simulations was the most effective way to reduce the risk of phishing attacks, according to Cofense data. Having technical email security solutions is important; however, they are not adequate for blocking all malicious messages. Only by training end users and having them undergo simulations can they effectively recognize malicious messages and respond suitably. The industries that train their end users frequently record the highest resiliency to phishing attacks.

Cofense recommends that phishing simulation exercises focus on active threats to be effective. Training should be conducted at least quarterly so that employees stay mindful of phishing emails and report them. By encouraging employees to report potential phishing threats, companies have greater success at averting phishing attacks.

The Cofense State of Phishing Defense Report has more recommendations for security awareness training and phishing simulations and can be found on this page.