Cyberattacks through emails are way up at hospitals and health systems in 2023, software company Abnormal Security reported.
Advanced email attacks in healthcare have increased 167 percent year over year, including business email compromise, credential phishing, malware and extortion, according to the Sept. 26 report. The frequency of these incidents peaked in March at 100 per 1,000 inboxes.
"But if last year is any indication, these numbers are going to continue to rise until the holiday season, when cybercriminals will take a short break before starting their work again in the new year," the report stated.
Business email compromise attacks account for a small portion of the overall breaches — less than 1 per 1,000 mailboxes — but a disappropriate share of the financial devastation ($125,000 each, according to FBI data cited by Abnormal Security).
"Identifying and stopping BEC is increasingly important, but made difficult by the fact that these attacks are often text-based, sent from legitimate domains, and lack traditional indicators of compromise like a suspicious link or malicious attachment," the report stated. "We’ve seen an increased number of requests for aging reports, and healthcare is no exception."
The company cited an example of a hacker who impersonated the president and CEO of a health system with more than 200 locations, requesting a copy of updated aging statements for all customers and email addresses for the corresponding account payables departments.