Email fraud targeting healthcare professionals has spiked 453% over the past two years, according to a new report by Proofpoint. Proofpoint researchers tracked business email compromise attacks against more 450 healthcare organizations in 2017 and 2018, and found that the average number of attacks targeting an organization in Q4 2018 was 96, compared to less than 20 in Q1 2017. Additionally, attackers spoofed an average of 15 different identities within a given healthcare organization in Q4 2018.
Most of the attacks involved display name spoofing and domain spoofing. Ryan Terry from Proofpoint, who authored a blog post summarizing the report, says that “95% of healthcare organizations were targeted by an attack using their own trusted domain and 100% of these organizations had their domain spoofed to target both patients and business associates.”
Terry says that, as defensive technology improves, criminals are increasingly turning to attacks that exploit human vulnerabilities. “When you think about protecting your organization, you’ve got to start by protecting your people,” he writes. New-school security awareness training is one of the best ways to give your employees the ability to thwart these attacks by showing them how the attackers operate. Proofpoint has the story: