In 2020, ransomware attacks alone cost the US healthcare industry $20 billion just in downtime. That is a huge impact for an email attack vector that makes up only a fraction of the total email threats that face healthcare providers.

 

From 2019 to 2020, healthcare providers across the US saw a 9,851% boom in cyber attack attempts. The recent rise in cybercrimes against healthcare has forced organisations to assess their security measures - and many have found themselves ill-equipped to defend against, or recover from, a major cyber attack.

 

These trends are echoed in the UK too. The UK government saw large-scale campaigns targeting healthcare bodies and medical research organisations, leading the NCSC to believe that cyber security could be the next big healthcare emergency. So, why are healthcare providers under threat?

 

Cyber Threats are on the Rise for Healthcare

Healthcare providers keep highly detailed and up-to-date records on their patients which, as you might’ve guessed, make these organisations a prime target for cyber criminals.

The security of patient information has always been a serious area of risk - an idea reinforced by the notorious 2017 WannaCry ransomware attack that infiltrated NHS systems across the country.

However, patient records are now more vulnerable than ever.

Many healthcare providers have introduced online patient portals to address the need for contactless communication, often rushing to complete the systems and leaving security measures as an afterthought.

Staff have also been working remotely, further stretching IT resources to the limits as technicians needed to set up and maintain brand new remote desktop protocols.

Considering the above, it’s clear that healthcare providers need to double down on their cyber security efforts.


Cyber Attacks to Expect in 2022

One of the most common attack vectors that cybercriminals utilise is email. It’s quick and easy to design and deploy attacks on email environments, both large and small.

Ransomware has been among the most effective attack types against healthcare providers in recent years. In Barracuda’s 2021 Worldwide Healthcare Cyber Security survey, just under half of all surveyed organisations admitted to falling victim to ransomware attacks.

Attacks involve sending a malicious link to users as part of a seemingly trustworthy email. The unsuspecting user clicks on the link and immediately opens up their company network to cyber criminals, who can then access, encrypt, and ransom confidential data for a monetary payout.


Another common attack vector for the healthcare industry is social engineering – where attackers intentionally deceive and manipulate targets into divulging confidential or personal information that may be used for fraudulent purposes.

In the case of healthcare services, staff are targeted by spear phishing methods to exploit their access to confidential records and login details.

Alternatively, cyber criminals may simply rely on password-spraying campaigns run by bots to gain access to email accounts through brute force.

These attacks can take a long time to produce results, but eventually an account with a weak password will be compromised. From there, the attackers can begin credential stuffing to compromise the individual's other business accounts and find confidential information.

 

Steps for Improving Security

Multi-factor Authentication (MFA)

There is no better way to exponentially improve account security than enforcing Multi-Factor Authentication (MFA) across an organisation. MFA eliminates the risk factor of password compromise from brute-force attacks.

A.I. Behavioural analysis

Beyond password security measures are multi-layered email security solutions, such as the Barracuda Total Email Protection stack. Barracuda’s email security suite includes an A.I.-driven behavioural analysis service called Sentinel, which automatically scans mailboxes, learns behaviour patterns, and detects any anomalies within inbound and outbound email messages.

Security awareness training

The Barracuda Total Email Protection service also includes Phishline, a phishing simulation service and highly effective educational tool for raising awareness of email-borne security threats among staff and users. Keeping all users well-informed and up-to-date with the latest security awareness training is a crucial aspect of a complete email security system.

 

How will your organisation prepare for these email security threats in 2022?