Protecting the Healthcare Sector from Phishing Attacks

Email-based cyberattacks pose an ever-greater threat to the healthcare sector as attackers adopt more sophisticated methods that are more likely to bypass defences and harm patients and staff.
“Healthcare faces a growing threat from cybercriminals and we’ve seen phishing attacks on the sector increase by an alarming 37% in the last year alone,” says Mike Britton, CIO at Abnormal Security. “These malicious emails are often the first step to launching additional attacks, typically including data theft and ransomware attacks.”
Abnormal Security provides an AI-native human behaviour security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications.
“The platform connects via API to analyse thousands of signals from multiple data sets and precisely baseline known behaviour,” Mike explains. “Autonomous AI models then enable Abnormal to precisely detect anomalous activity and stop never-before-seen attacks with superhuman speed and accuracy—understanding humans better than humans to protect humans better than humans.”
Why phishing attacks on the healthcare sector are increasing
Healthcare data has always been a favourite target for cybercriminals, for a number of reasons.
“Healthcare data contains sensitive information like private patient data and medical histories which can be used for future extortion efforts,” says Mike. “This data tends to be permanent or hard to change and records can fetch up to 20 times more on the dark web than credit card data, which usually has much shorter expiration periods. This makes medical databases a very versatile asset with a long shelf life, which can be used for a variety of criminal activities.”
The healthcare industry is extremely vulnerable to disruptive cyberattacks. Ruthless criminal groups know that healthcare companies are likely to pay ransoms due to how important it is that they keep their operations up and running for patient health and safety.
“The healthcare industry has a vast supply chain and partner network, giving threat actors an opportunity to use phishing to distribute fake insurance claims or fake invoices for medical equipment, which can appear to recipients to be a normal part of business,” Mike continues. “Healthcare organisations have historically been slow to upgrade their technology. Many continue to rely on legacy systems, including legacy security systems, due to limited budgets, resources, and time constraints. Additionally, most medical professionals don’t routinely receive security awareness training to the same extent as professionals in other industries that move at a faster pace of innovation.”
Overall, Mike and his team have seen email attacks on the healthcare sector trend upward year over year, with some attack tactics seeing steeper increases than others.
“While traditional phishing attacks have grown 37% over the last year, a more sophisticated breed of email attack – vendor email compromise (VEC) – has grown by 60%,” he explains.
These attacks exploit trusted vendor relationships, where threat actors impersonate service providers, suppliers and distributors to trick employees into processing fake invoices or altering bank information. Because healthcare leverages such a vast supply chain network, it’s no wonder that VEC attacks in this industry have been skyrocketing.
“The rise in both phishing and VEC attacks has been fuelled in part by criminal groups using generative AI tools to create and launch attacks more efficiently,” he adds. “Legitimate tools like ChatGPT can be used to quickly craft convincing, error-free emails, even analysing a particular identity to mimic their tone and style. These tactics are making malicious emails more likely to slip past traditional defences, and they are also harder for distracted health workers to spot.”
How regulatory bodies can protect the healthcare sector against emerging cybersecurity tactics
- Mandatory data encryption
- Vulnerability management
- Stringent access control measures like multi-factor authentication
What’s more, regulations should emphasise vendor risk management to counter the threat of VEC attacks. Ensuring that healthcare providers regularly assess third-party vendors for compliance will reduce the ability for threat actors to exploit the expansive healthcare supply chain.
“High staff turnover in healthcare introduces cybersecurity risks as new employees may be unfamiliar with security protocols and internal communication patterns,” he continues. “It’s easier for tactics like impersonation and social engineering to succeed in an environment where many workers are unfamiliar with each other. Equally, in a fast-paced, high-pressure environment like healthcare, staff will rarely have the luxury of scrutinising incoming messages.”
Additionally, frequent onboarding delays cybersecurity training, creating longer periods of vulnerability. Automated security systems can help mitigate these risks by identifying suspicious activity without relying solely on employee vigilance.
Although the rising attack volumes make for grim reading, there is hope for the healthcare sector if the right defences are brought in to stem the tide.
“The future of healthcare cybersecurity will depend on embracing advanced technologies like AI-powered security solutions,” Mike shares. “As cybercriminals increasingly use AI and social engineering, healthcare organisations must counter them with tools that can detect behavioural anomalies and prevent attacks exploiting trusted relationships.”
Healthcare Digital is a BizClik brand