Bad for Healthcare: 1 in 50 Emails Contains a Malicious Link

Phishing causes some of healthcare’s worst data breaches.

One of the greatest threats to patient data could be lurking in your inbox.

A new report has found that one in every 50 emails contains a “malicious” link — meaning one that opens the door to a phishing attack or malware — and those links all slipped through cybersecurity systems. Mimecast Limited, a cybersecurity firm, conducted the study of more than 142 million emails, flagging 203,000 malicious links across 10 million emails.

Why does this matter for healthcare organizations? For starters, data breaches have affected 4.3 million patients in 2018, a figure that’s up from prior years. In July alone, healthcare breaches exposed the sensitive data of 860,000 people, and hacking incidents regularly affect hundreds of thousands of people each month. Phishing, meanwhile, has caused some of the industry’s worst breaches, including a case where 1.4 million patients in Iowa saw their information compromised.

Today’s report highlighted a range of cyberthreats. Mimecast found, for instance, an 80 percent increase in impersonation attacks, resulting in 41,605 caught attempts. Another 13,176 emails harboring “dangerous file types” and 15,656 malware attachments made it through security safeguards — along with more than 19 million pieces of spam.

“Targeted malware, heavily socially-engineered impersonation attacks and phishing threats are still reaching employee inboxes,” Matthew Gardiner, a cybersecurity strategist for Mimecast, said in a statement. “This leaves organizations at risk of a data breach and financial loss.”

Although healthcare isn’t alone in facing these threats, it occupies a unique place in hackers’ hearts. For one, medical records sell for more money on the dark web than credit card numbers and other sensitive data, experts have said. What’s more, a successful cyberattack can bring down healthcare systems, affecting everything from electronic health record systems to medical devices, which can harm care. Because of this, hackers acting on behalf of enemy nations have come to see healthcare institutions as targets in cyberwarfare.

Mimecast, of course, recommends its solutions as the answer to cyberthreats in the inbox. But given healthcare’s web of regulatory requirements, experts have stressed the need for a multipronged approach, planned ahead of any attack, involving in-house cybersecurity employees. It’s also imperative to set up defenses against company insiders, as they have emerged as key contributors to healthcare’s rise in data breaches.

The price of inaction — and falling victim to, say, a phishing or ransomware attack — is high. Every month, dozens of healthcare organizations report data breaches to the federal government, and that often means steep financial costs and reputational harm.
