Cybercriminals switched tactics in the fourth quarter, but ransomware techniques could return as a significant threat.
Proofpoint analyzed more than 100 million ransomware emails sent to hospitals, clinics and health insurers in the 12-month period ending March 31, 2018.
Here are six key findings from the report.
1. There was a high instance of business associates such as surgical groups, orthopedic partners and dentists being impersonated.
2. Almost one in five emails claiming to be from a healthcare organization was fraudulent. Approximately 8 percent of fraudulent emails impersonated the email domain of a healthcare institution.
3. More than three-fourths of attempts at email fraud used “payment,” “request,” “urgent,” or “FYI” in the subject line.
4. Swapping characters such as “I” and “L” was a common way to create lookalike domains.
5. Attackers attempted to steal protected health information by using a trusted domain to send malicious messages; designing an email’s “from” field to fool recipients; and registering a domain that looks like a trusted one.
6. Locky was the top ransomware variant. Other malware families targeting healthcare organizations included The Trick, Global Imposter, Pony and Hancitor.
More articles on improving performance:
3 insights into ophthalmology best practices from Wills Eye Hospital
Surgery Center of Quincy locked down after bomb threat — 4 insights
Examining the quality metrics of 10 Massachusetts endoscopy centers