Business Email Compromise (BEC) Attacks Continue to Increase in Healthcare

February 09, 2023 - Behind the transportation and automotive industries, healthcare employees were the most likely to read and reply to malicious emails, falling victim to business email compromise (BEC) attacks, Abnormal Security revealed in its H1 2023 Email Threat Report.

“Since business email compromise attacks first started in the mid-2010s, they’ve created challenges for organizations worldwide,” the report noted. “These text-based emails often bypass traditional security tools, and attackers have found increasingly savvy ways to take advantage.”

Across all industries, the median open rate for text-based business email compromise (BEC) attacks was nearly 28 percent, the report found.

Using internal data collected over a six-month period, Abnormal Security found that BEC attack volume grew by more than 81 percent over the past two halves. BEC attack volume has increased by 175 percent over the past two years alone.

Despite high BEC attack rates, the data showed that only 2.1 percent of all known BEC emails were reported. Researchers suggested that employees may not feel compelled to report malicious emails because they think someone else will report it, they believe it is not an issue since they did not engage with the email, or they fear being wrong about the nature of the email.

The healthcare sector had the third-highest attack reply rate according to this dataset, at 8.22 percent.

“The healthcare industry tends to attract individuals who have a stronger desire to help others—a characteristic that cybercriminals will gladly use to their advantage,” the report suggested.

“Further, there is a high rate of turnover in larger healthcare organizations and hospital systems, so employees are less likely to know their colleagues personally, making impersonation easier.”

Abnormal Security observed consistent upticks in BEC attacks across all sectors, regardless of organization size. In addition, the report highlighted the prevalence of supply chain compromise attacks, which occur when a vendor email account gets compromised, leading to occurrences like fraudulent invoice requests and requests to update payment information.

“While even the smallest businesses likely work with at least a few vendors, larger companies have supplier numbers in the hundreds or thousands,” the report reasoned. “And when every partner represents another entity that can be impersonated or compromised, it’s not surprising that the likelihood of an organization being targeted by sophisticated supply chain compromise attacks rises as company size increases.”

These attacks are especially common at organizations with more than 10,000 employees. Large healthcare organizations, which likely partner with a wide variety of vendors, should take note.

Having a robust security training and awareness program is crucial to mitigating the risk of BEC attacks. In addition, there are a variety of solutions available to help organizations filter malicious emails and prevent them from ever reaching an employee’s inbox.

“The same techniques that have been used for thousands of years to con people are the same tactics that are used today for email attacks. The only difference is that criminals are using a computer to do it,” Crane Hassold, director of threat intelligence at Abnormal Security, said in an accompanying press release.

“Human beings are relatively easy to manipulate, and employers’ expectations regarding the ability of the average employee to identify these modern attacks are far too high. It is much safer to prevent a threat from reaching an employee’s inbox than to rely on them to try to detect these sophisticated attacks on their own.”