Cyberattacks against organisations are not just increasing in volume, they are growing in severity and taking longer to recover from and fix. This is particularly challenging for healthcare organisations, which have long been a prime target for criminal groups attracted by the opportunity to steal large volumes of sensitive medical records.
A recent analysis of publicly disclosed incidents during 2023 reveals that the health sector suffered more attacks than any other sector. Email-borne attacks such as phishing remain one of the top ways for attackers to break into networks and they continue to refine their tactics to maximise the chances of success. The public release of generative AI tools has provided new opportunities for attackers to increase the scale and sophistication of attacks, making them harder to detect and easier to fall for.
Healthcare providers need to strengthen their email defences to safeguard assets, including data, from a new generation of email threats.
The evolution of email-borne attacks
Email-borne attacks were once characterised by high-volume ‘spray and pray’ tactics, where malicious emails could be relatively easily identified by their grammatical errors, unusual spellings or irrelevant content.
Even targeted spear-phishing emails could exhibit these giveaway clues. More sophisticated threats soon emerged, including Business Email Compromise (BEC) attacks. BEC attacks frequently target influential employees, such as senior leaders, to exploit trusted relationships. Such approaches can be more effective at evading traditional email security measures and deceiving their victims.
Research from Barracuda into cyberthreats targeting healthcare found that 77% of respondents from the healthcare sector had experienced an email security breach in the previous 12 months.
For those that were affected, the impact of the attack was often severe: 60% of victims said that computers or other machines had been infected with malware or viruses, compared to 55% across all industry sectors, while 60% said that confidential or sensitive data had been stolen, compared to 49% overall. 70% reported stolen login credentials or account takeover, compared to 48% overall.
The power of artificial intelligence has increased the risk. Generative AI can be leveraged to rapidly analyse email correspondence and produce copy that closely mimics its style and tone, enabling cyber criminals to craft convincing messages faster and more easily than ever.
Protecting against email attacks
These developing attack tactics make it harder for traditional security tools to identify and block malicious messages. As such, healthcare organisations must employ a multifaceted strategy that can protect staff and patients against the latest techniques.
With so many email attacks aiming to steal credentials and take over accounts, stringent authentication is one of the most important defences. Multifactor authentication (MFA) should be treated as an essential step for all accounts, as the need for another verification channel will stop many identity-based attacks cold.
Ideally, healthcare providers should treat MFA as a minimum level of security and pursue more comprehensive approaches to control access to their systems and most sensitive data. The Zero Trust approach is one of the most effective methods. The principle of “never trust, always verify” means that no user is assumed to be benign until they have proven their identity. By embedding Zero Trust principles, healthcare providers can drastically reduce the likelihood of insider threats, ensuring that access privileges are tightly regulated and limited strictly to what each role needs.
Countering email threats with AI-powered analytics
The best defence against email threats is to prevent them from reaching their target in the first place, so robust identity verification processes need to be supported by powerful email security measures. AI-powered detection technology is one of the most effective approaches in countering sophisticated email threats.
These advanced systems use machine learning algorithms to understand how an organisation operates and develop a baseline of normal operational behaviour. With this as a reference, they can dissect email content and account behaviour to uncover anomalies that may bypass traditional security mechanisms. The AI algorithm continually learns and adapts, predicting potential threats and adapting to the nuances of emerging attack vectors even as criminals shift their tactics.
However, technology is only one part of the equation, and should be combined with a focus on the human side of security. Because email attacks nearly always seek to exploit human nature, building an engaged and informed workforce is just as important. Through ongoing education and awareness initiatives, employees can be equipped with the critical skills needed to recognise potential threats.
The abundance of personal data in the healthcare sector makes providers of all sizes attractive targets for cyberattacks. With email continuing to serve as a primary attack vector, organisations must ensure they have the means to detect incoming attacks and prevent them from reaching personnel and exploiting their user identities. A multi-layered approach that combines Zero Trust principles, AI-driven detection, and continuous staff training, healthcare will help healthcare providers to stay ahead of developing threats and safeguard patients against known and as yet unknown threats.
By Paul Drake, RVP sales, UK and Ireland at Barracuda
