Third of US data breaches happen in hospitals

null

After a recent series of aggressive phishing attacks on NHSmail, cyber security provider Cofense has compiled a new report using shared US client data to reveal how much of a danger future phishing attacks could become in the UK.

The report, entitled Say Ah: A Closer Look at Phishing in the Healthcare Industry, compares the resilience of the healthcare sector to phishing attacks with other industries monitored by the software provider.

Resilience is the ratio between users who report a phishing attack versus those that fall susceptible.

Over the past three years, the healthcare industry in the US' resilience rate has improved from 1.05 in 2015 to 1.49 in 2018. Despite these small improvements, healthcare still has the lowest resilience rate when compared to other industries with energy at 4.01, financial services at 2.52 and legal services at 2.50.

The report notes that high turnover could be a factor holding back the US healthcare industry's resilience rate. Doctors, nurses and administrative staff change positions constantly which can make it hard to gain traction in the fight against phishing.

Active threats from phishing emails

Cofense highlighted requests for invoices, emails posing as manager evaluations and emails reporting package deliveries as the three most active threats from phishing emails. Each of these threats imposes a sense of urgency and the report warns healthcare providers to stress this when educating employees to the dangers of phishing.

Back in April of 2017, Leeds Teaching Hospitals NHS Trust used a fake phishing email to see whether any of its 17,000 members of staff would be tricked into disclosing confidential information. 400 members of the staff (around 2.3%) responded to the phishing email and revealed sensitive information such as their passwords and network credentials.

Cofense's CEO Rohyt Belani explained the reasoning behind compiling the report, saying:

“The results are staggering and speak for themselves. When the U.S. sneezes the world catches a cold, and we hope this data can serve as an early warning sign for NHS Trusts to have appropriate anti-phishing measures in place. At present the healthcare industry is at specific risk, lagging behind other industries, as our findings show. With careful planning however these threats can be mitigated and repulsed very quickly.”