A recent Proofpoint report describes the cyber threats that healthcare organizations face and the most common attacks that result in healthcare data breaches.
Proofpoint’s 2019 Healthcare Threat Report shows a constantly changing threat landscape in which the strategies used by cybercriminals are in a constant state of flux.
The study, which covered Q2 2018 to Q1 2019, shows how the malware used in attacks often changes. In Q2 of 2018, ransomware was a popular type of malware and was used in many attacks on healthcare providers; however, ransomware incidents declined quickly as cybercriminals turned to banking Trojans. For the last three quarters of the study, banking Trojans were the malware cybercriminals favored, although ransomware is currently becoming popular once again.
Proofpoint’s research indicates that banking Trojans were the greatest malware threat to healthcare providers during the study period. Banking Trojans accounted for 41% of malicious payloads delivered via email from Q2 of 2018 to Q1 of 2019. In Q1 of 2019, the greatest threat was the Emotet banking Trojan, which made up 60% of all malicious payloads.
Although phishing attacks are a relentless threat, there were more malware attacks during the study period. Still, phishing attacks have increased substantially in 2019. Malware is frequently distributed through email attachments, and URLs are another delivery method. Embedded hyperlinks may point users to phishing sites where credentials are compromised, but they may also send healthcare staff to sites where malware is quietly downloaded. Malicious URLs were used in 77% of the email-based attacks throughout the study period.
Recipients are very likely to open malicious emails if they know the sender. 95% of targeted healthcare organizations received emails that imitated their own trusted domain, and 100% of targeted healthcare organizations had their domain imitated in phishing attacks on their industry partners and patients.
Targeted healthcare companies received an average of 43 imposter emails in Q1 of 2019, a rise of 300% from Q1 of 2018. The attacks affected an average of 65 staff members at each healthcare provider.
While the email subjects were very diverse, the subject lines usually contained the words “payment”, “urgent”, or “request”. Those words were found in 55% of malicious emails. Malicious emails are typically sent during business hours when employees are at their desks, usually from 7 am to 1 pm, Monday to Friday.
While cybercriminals still use spray-and-pray techniques to send their phishing emails and malware to as many people as possible, numerous healthcare email attacks are a lot more targeted. Proofpoint assessed email attacks at a number of healthcare providers and discovered that some people are targeted much more than others.
The list of “Very Attacked Persons” or VAPs consists of doctors, researchers, and administrative staff at healthcare organizations; customer support/sales staff and IT staff at health insurance providers; and executives, marketing staff, and logistics/sourcing and supply chain personnel at pharma companies.
Shared email aliases used to request patient information or to sign in to patient sites received a large number of malicious emails. These email addresses can lead to multiple malware infections and a number of replies to phishing emails.
Blocking these threats requires layered defenses. Anti-phishing and anti-malware controls should be deployed to secure the email system, filtering controls are necessary to stop web-based threats, anti-malware controls are needed on endpoints, and staff should receive regular training to help them identify threats and to condition them to take the necessary action whenever a suspicious email message is received.