Mar 11, 2024
Fortifying Healthcare Email Security: Advanced Solutions and Mitigation Strategies
By Usman Choudhary, general manager, VIPRE Security
Email remains a cornerstone communication tool for healthcare entities, yet the communication channel also presents formidable cybersecurity hurdles. The sensitive nature of patient data and the open nature of email render it susceptible to data exposure and phishing attempts. Thus, as healthcare continues its technology maturation, the imperative to grasp the gravity of email security intensifies. Advanced email security solutions offer a potent means to tackle these challenges head-on.
Why does this matter now? Isn’t email dying? Not based on the numbers. For example:
In the fourth quarter of 2023 alone, VIPRE reviewed roughly 7.2 billion emails worldwide that were processed through its systems. Of those, more than 950 million (~13 percent) were detected as malicious or unwanted and blocked. Most of these were detected using classical signature-based detection of bulk email, known malware, and known malicious links, including 20 million emails with malicious attachments and 41 million emails with malicious links. But 500,000 malicious emails were detected only because of advanced behavioral simulation of a user actually clicking on the link, i.e., detecting true zero-hour malicious sites, a feature built into our VIPRE Email Link Isolation.
It was interesting to note a rise and fall in favored malicious email types each quarter and throughout the year. In 2023, we noticed the following trends:
- 276% increase in emails containing malware between Q1 and Q4
- 23% rise in scam emails between Q1 and Q4, with a 179% spike in Q2
- 6.4% decrease in phishing emails between Q1 and Q4
Regardless of the slight percentage decrease, phishing emails continue to be tied with scam emails in volume, making them a perennial favorite of hackers and a constant threat to inboxes. Healthcare is in the top three targeted industries, representing 14% of the attacks that we observed across all of our customers.
With this data as a reference point, it’s easy to see that healthcare is chronically vulnerable to cyberattacks driven by phishing and malicious inclusions in email. While writing this piece, one of the nation’s largest healthcare clearinghouses, Change Healthcare, was affected by a massive ransomware attack.
Change Healthcare is a unit of UnitedHealth Group’s Optum subsidiary, and its products are used by a huge variety of healthcare organizations. According to HHS, Change Healthcare “was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on healthcare operations across the country.” The Russian-speaking cybercriminal gang known as AlphV and Blackcat claimed responsibility and said on its dark web site that it exfiltrated 6 TB of data in the attack against Change Healthcare.
This specific attack affected healthcare systems, prescription deliveries, and anyone who processes insurance claims. This should raise red flags for all healthcare organizations regardless of size, particularly for smaller organizations with limited budgets. After all, if companies as massive as Change Healthcare—who undoubtedly had advanced cybersecurity measures in place—can be breached, then smaller organizations with fewer resources should take action to protect themselves.
The attack underscores the critical importance of proactive measures to mitigate the risks of sophisticated cyber threats. Although the attack vector in the Change Healthcare breach has not been identified as of this writing, the same group was responsible for the massive MGM Resorts hack in September 2023, which started on LinkedIn with a social engineering-driven exploit. This foothold, obtained through a form of phishing, was leveraged to gain access within MGM, and this access was then expanded to target many of MGM’s key business systems.