The Escalating Email Phishing Disasters Within Healthcare

As if our frontline healthcare workers didn’t have enough to worry about, the COVID-19 pandemic has also ushered in a tidal wave of phishing attacks aimed at the healthcare market. Why? Healthcare industry data is particularly appealing to cybercriminals due to its very nature. By accessing patient data, hackers have access to credit card information, social security numbers, birthdates, personal history, sensitive medical information, and much more. Not only do stolen healthcare records fetch a high price on the dark web, physicians and hospital executives are known to have the funds to pay ransomware attackers in order to save their business and protect their patients from the variety of cybercrimes that follow a healthcare data breach.

To say there is money in healthcare is an understatement. Global healthcare spending could reach more than $10 trillion by 2022 – making it ripe for cybercrime.¹ And yet, many say it’s one of the more vulnerable industries because it’s fragmented and underfunded in security.² To make matters worse from a cybercrime perspective, the industry continues to expand its online capabilities so that doctors, insurers, and other healthcare professionals can more easily share information and provide patients with tools that can keep them healthy.

In September, 2019, a healthcare researcher released a report on the state of healthcare data breaches in the United States. According to his data, which spanned over a ten-year period, the health records of nearly 170 million people have been hacked in 1,461 reported data breaches. Consider some of the repercussions:³

• In all of these incidents, people lost one or more pieces of important personal data
• More than 150 million people lost control of their driver’s license numbers, dates of birth and social security numbers.
• Cybercriminals got access to the back account and credit card details of almost 50 million people.
• 50 million people had their medical records exposed by hackers, which included details of their diagnosis, treatments, and medications.
• 4 million hacked patient records shared sensitive details such as HIV status, sexually transmitted infections, cancer, and mental illness.

Patients aren’t the only ones who suffer at the hands of cybercriminals during a data breach, the healthcare organizations take a devastating blow. According to the Verizon Data Breach Investigations Report, the healthcare sector saw a 71% increase in breaches or incidents from 2019 to 2020.⁴

• Wood Ranch Medical, located in Simi Valley, California was the victim of a ransomware attack in which all of their patients’ personal healthcare information was encrypted. They were unable to recover from the data breach and, as a result, closed their practice just three months after the attack.⁵
• The American Dental Association advised their dentists against the perils of phishing attacks after they experienced a ransomware attack in which 432 of their dental practices were locked out of their data.⁶
• In April, 2020 Magellan Health reported that hackers had gained access to their records by using a social engineering phishing scheme. The data stolen included employee credentials, passwords, W-2 forms, patient insurance information, and much more. This was a difficult pill to swallow, considering Magellan Health faced a month-long phishing incident one year prior.⁷
• BJC Health System notified 287,876 of their patients that they had fallen victim to a phishing scam in March, 2020. While the hacker only had access to the files for one day, numerous BJC-affiliated providers were affected.

There is no doubt that the healthcare sector is in a tough position. Not only do they have to take care of patients’ health, but they must protect their sensitive information at the same time. Is there an end in sight? That is to be determined. Sadly, 56% of healthcare providers still rely on legacy Windows 7 operating systems and may don’t invest in the security they need to fight cybercriminals.⁴

There are, of course, solutions available. INKY provides the most comprehensive email phishing protection available. It scans every sent and delivered email automatically and flags malicious emails, protecting your healthcare organization and your patients from even the most complex threats. INKY’s intelligent machine learning algorithms identify abnormalities in emails, even if the threat has never been seen before. INKY’s Banner warns employees of threats, while protecting and training them at the same time. Rest assured, as busy as your healthcare organization is, INKY installation is simple. Most customers are up and running in under an hour – even with remote employees. Schedule a demo or inquire today.

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

¹Source: https://policyadvice.net/insurance/insights/healthcare-statistics/

²Source: https://www.secureauth.com/newsroom/your-personal-medical-information-is-twice-as-likely-to-be-hacked-as-financial-data-heres-why/

³Source: https://www.news-medical.net/news/20190925/Healthcare-records-hacked-data-breaches-uncovered.aspx

⁴Source: https://cybersecurityguide.org/industries/healthcare/

⁵Source: https://www.woodranchmedical.com/

⁶Source: https://www.dentists-advantage.com/Prevention-Education/Risk-Alerts/Risk-Alerts-Index/Content/Ransomware-attack-hits-over-400-dental-practices

⁷Source: https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2020