How resilient is healthcare to phishing?
Healthcare is a favorite – and profitable – target for cyberattacks. If you work for a healthcare company, or if you’re a patient or subscriber, you’re familiar with all the data the industry gathers and threat actors crave: name, date of birth, Social Security number, mailing address, email address, and probably a credit card or two.
As healthcare records have steadily gone digital, the industry has played catch-up with cybersecurity. Its spending has emphasized patient care, in particular the aspects that drive the bottom line, and only recently has it been forced to refocus on security and risk management. Unfortunately, in many healthcare companies, security budgets still lag behind those in other industries.
That has started to change as healthcare companies pay a steep toll for data breaches: records replacement, remediation, downtime, damage to brand reputation, fines, and even a falling stock price. The damage happens downstream, too. When systems crash, patient care is at risk. So is the accuracy of medical records, which can result in complaints and lawsuits.
Snapshot: crimeware among 3 healthcare companies
While some phishing attacks on healthcare companies come from nation-state actors, most come from profit-minded criminals, which is no surprise given that the healthcare industry is valued at trillions of dollars. That same profit motive helps explain why nearly 80% of healthcare companies were successfully hit by phishing attacks in 2017.
Let's examine some phishing data from 3 Cofense healthcare clients. All are national companies, and all will remain anonymous. Specifically, let's look at what percentage of the emails employees reported in the second half of 2017 turned out to be malicious. Each company uses Cofense PhishMe™ to train users to recognize phishing and Cofense Reporter™ to report suspicious emails to security teams.
This healthcare company stopped a phishing attack in 19 minutes
One Cofense healthcare customer has built an end-to-end phishing defense. It features phishing awareness, reporting, incident response, and threat intelligence.
To encourage employees to report all suspicious emails, the company launched its Phishing Bounty Program. It gives cash or merchandise rewards to any user reporting a verified malicious email. Trained via Cofense PhishMe and armed with Cofense Reporter, motivated employees sounded the alarm on a well-crafted scam.
The email very convincingly spoofed the company's CEO, asking employees to click a link to acknowledge a company policy. The link led to a fake login page where the attackers harvested credentials, used them to gain access to internal systems, and attempted to reroute employees' automatic payroll deposits.
Some employees were fooled, but many reported the email. The company uses Cofense Managed Triage™, our security orchestration, automation, and response platform, so reported emails went straight to the Cofense Phishing Defense Center (PDC) for both automated and human analysis.
Upon verifying the threat, the PDC notified the customer and mitigation began. Only 19 minutes elapsed from the moment employees received the email to the time the healthcare company blocked the phishing site and retracted the email from inboxes.
Breach detection commonly takes more than 100 days. By fusing phishing awareness and reporting with response and mitigation, this company prevented a breach in well under half an hour.
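The kind of automated check that turns a reported email into a verdict and a block list, as an added example that is not Cofense's code and does not describe how the PDC actually works. The corporate domain, the executive list, and the two sample emails (one CEO spoof with an external login link, one legitimate internal notice) are all constructed for illustration.

```python
"""Triage a reported email for executive display-name spoofing and
credential-harvesting links. Added example; the domain, executive
roster and sample messages below are constructed, not real data."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed corporate domain and executive roster (display name -> real address).
COMPANY_DOMAIN = "example-health.test"
EXECUTIVES = {"jane doe": "jane.doe@example-health.test"}

# Constructed sample of a reported CEO-spoof message (not a real email).
REPORTED_EMAIL = """From: "Jane Doe" <jane.doe@examp1e-health-hr.test>
To: staff@example-health.test
Subject: Action required: acknowledge updated company policy
Content-Type: text/html

<html><body>
<p>All staff must review and accept the new policy today.</p>
<p><a href="https://policy-portal.example-health-login.test/sso">Review and accept policy</a></p>
</body></html>
"""

# Constructed sample of a legitimate internal notice from the real CEO address.
LEGIT_EMAIL = """From: "Jane Doe" <jane.doe@example-health.test>
To: staff@example-health.test
Subject: Updated company policy
Content-Type: text/html

<html><body>
<p>The updated policy is posted on the intranet.</p>
<p><a href="https://intranet.example-health.test/policies/2017">Read the policy</a></p>
</body></html>
"""


def extract_links(html: str) -> list[str]:
    """Pull every href target out of an HTML body."""
    return re.findall(r'href=["\']([^"\']+)["\']', html, flags=re.I)


def is_company_host(host: str) -> bool:
    """True if the host is the corporate domain or one of its subdomains."""
    host = (host or "").lower()
    return host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)


def triage(raw: str) -> dict:
    """Return a verdict, the findings behind it, and URLs to block."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []

    # Display-name spoof: an executive's name on an address that is not theirs.
    real_addr = EXECUTIVES.get(display.strip().lower())
    if real_addr and addr.lower() != real_addr:
        findings.append(f"display-name spoof: '{display}' sent from {addr}")

    # Links that leave the corporate domain are candidate credential-harvest pages.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    external = [u for u in extract_links(body)
                if not is_company_host(urlparse(u).hostname)]
    for url in external:
        findings.append(f"external link: {url}")

    verdict = "malicious" if findings else "benign"
    return {"verdict": verdict, "findings": findings, "block_urls": external}


if __name__ == "__main__":
    for label, sample in (("reported", REPORTED_EMAIL), ("legit", LEGIT_EMAIL)):
        result = triage(sample)
        print(label, result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

The two signals are deliberately cheap: a known executive's display name paired with the wrong address, and any link whose host is outside the corporate domain. In a real triage pipeline these would sit alongside the message's Authentication-Results header, URL reputation and sandboxing, but even these two checks are enough to put a message like the one above at the front of the analyst queue and to produce the URL list the company needs for the block.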
To read more about these case studies, see the full whitepaper from Cofense here.