Hospitals and health systems received an influx of fraudulent emails last year , a persistent problem that has cost healthcare organizations $12.5 billion since the end of 2013, a Proofpoint study found.
Cybersecurity provider Proofpoint analyzed more than 160 billion emails sent across 150 countries in 2017 and 2018 to identify the prevalence of email fraud at 450 healthcare organizations.
Six things to know:
1. In the fourth quarter of 2018, healthcare organizations were the targets of 96 email fraud attacks, a 473 percent increase compared to the first quarter of 2017.
2. The most common type of email fraud in 2018 was wire-transfer .
3. For the average targeted organization, 65 staff members were attacked in the fourth quarter of 2018. The email fraud attacks were most likely to occur on weekdays between 7 a.m. and 1 p.m.
4. The majority of healthcare organizations — 95 percent — were targeted through their own trusted domains, which were spoofed to target patients and fellow business partners.
5. Of all the emails sent from healthcare-owned organizations, 45 percent in the fourth quarter of 2018 appeared suspicious. The suspicious emails were most often sent to employees (65 percent), followed by patients (42 percent) and business partners (15 percent).
6. Proofpoint suggests that healthcare organizations adopt the following to protect themselves from email fraud:
• Email authentication
• Machine learning and policy enforcement
• Domain monitoring
To access the complete report, click here.
Editor's note: This article was updated Feb. 14 at 11:20 a.m. CT.