After reviewing hundreds of millions of malicious emails from the past two years, healthcare security firm Proofpoint has gained some hard-won insights into the tricks and strategies of those who send phishing emails.

WHY IT MATTERS
While most email users know or have been trained by now not to open attachments sent in suspicious emails, they still click URLs. Proofpoint saw a rise in malware entering systems through URL attacks, suggesting that it's time to revisit training on what to be wary of, with regard to both emails and online communications.

More than three-quarters (77%) of email attacks on healthcare organizations used malicious URLs, the research shows.

This is especially important as almost all healthcare companies reported emails that spoofed their own domain – meaning that employees seeing a link from an address they assume to be safe are all the more likely to click on it and allow an invader access to the network.

Proofpoint found that anyone with the right kind of access to a hospital network – even just having a visible email address – is a viable target for malicious actors. Anyone from an administrative staff member in a hospital to a logistics professional could have access to sensitive information, or be connected to someone who does.

Among the other findings from Proofpoint's report: The healthcare organizations polled had received 300% more phishing emails in the first quarter than during the same period for the year before.

Researchers also offered some interesting perspective on scam artists' tips and tricks, and the strategies they used to capitalize on the all-too-trusting humans on the other end of the email.

Subject lines commonly included go-to terms designed to heighten priority, such as "payment," "request" and "urgent." Those and similar terms appeared in 55% of the email attacks examined by Proofpoint.

And interestingly, the report found that most phishing emails arrived on a predictable schedule – on weekdays, between 7 a.m. and 1 p.m. in a given target's time zone.

THE LARGER TREND
Proofpoint also found that the attacks have intensified in focus. Organizations most likely to pay a ransom are being singled out for ransomware assaults, and as hospitals can easily be ground to a halt through one of these attacks, they fit the bill as a perfect target.

Outside of ransomware, healthcare's cozy relationship with payment and other money-related information makes attacks on patient banking data a top focus for hackers. Proofpoint listed banking trojans that key in on financial account access as one of the top malwares hospitals experienced last year.

If one of the greatest weaknesses hackers zone in on is human weaknesses (such as being too busy to carefully read an email or succumbing to stress over an enticing subject), then hospitals need to invest in a culture of security in their organizations.

Additionally, Proofpoint recommends building robust defenses: managing email better to weed out fraud, isolating URLs that contain malware and having systems in place to quickly respond to the eventuality that some attacks will always get through, no matter how well-trained a hospital's employees become.

Moving forward, organizations will be best served to have a realistic picture of what to expect from attackers and to set up defenses and responses appropriately. With this in mind, learning from experience and investing in outside help from security consultants will also be an important element of any health network's security plan.

ON THE RECORD
"Healthcare institutions now consider cybersecurity a patient safety issue core to healthcare’s overall mission," said Proofpoint Managing Director Ryan Witt. "This concern is a departure from the earlier part of the decade when cybersecurity was considered a HIPAA compliance issue or mechanism for securing meaningful use funding in support of implementing electronic medical records."

He added: "While the cyberattack techniques against healthcare organizations vary and evolve, one common thread is that they attack people, not just technology. They exploit healthcare workers’ curiosity, time constraints in acute care settings, and their desire to serve. Combating these attacks requires a new and people-centered approach to security."

 Prepare for next-gen cybersecurity threats and join the #HITsecurity discussion at the HIMSS Healthcare Security Forum this Dec. 9-10 in Boston.