Healthcare and cybersecurity: 73% of breaches lack DMARC enforcement

The healthcare sector is a target for both low-level, opportunistic attacks and the occasional spectacularly successful one. Hospitals, insurers, medical supply chains, and service and medical providers are prime targets for threat actors, with email phishing attacks, ransomware, and data breaches on the rise. In 2024, 94% of U.S. healthcare organizations experienced a cyberattack, with the average cost per organization at $4,740,000, up 5% from the previous year. National security bodies predict that cyberattacks on healthcare and other critical infrastructure are likely to triple in the coming years.

A permanent fixture of the attack landscape, phishing, in which attackers pose as a trusted sender such as the target's own organization or a known supplier, is the most significant cyber threat, responsible for an estimated 60% of all healthcare breaches. Ransomware attacks, which most often begin with phishing, are particularly damaging and crushingly costly to remediate: the 2024 Change Healthcare breach affected roughly 190 million individuals and caused widespread operational disruption. As such, email security, a weakness for many healthcare organizations, must be prioritized, including measures to combat these threats such as:

  • Multi-factor authentication (MFA)
  • Robust, protocol-driven email security policies (e.g. DMARC, SPF, DKIM)
  • AI-driven threat detection
  • Regular employee cybersecurity training

Cybersecurity in healthcare: Growing risks

The healthcare industry's transformation to digital systems has revolutionized patient care, data sharing, and just-in-time delivery, but many of these benefits come with significant cybersecurity risks. Outdated systems, combined with the high value of electronic protected health information (ePHI), make healthcare organizations prime targets for threat actors.

The current threat environment

Attackers exploit gaps and seams in security using both common and advanced tactics: social engineering and email phishing are the usual entry points, and they frequently deliver damaging ransomware. The scale and sophistication of global cybercrime is astonishing, and combating it now features in many national security strategies. Open-source and national security intelligence estimates predict that cyberattacks against the critical infrastructure sector will triple in frequency and impact.

The financial value of ePHI on the black market (a medical record can sell for around $60, compared with $15 for a Social Security number and $3 for a credit card number), reliance on outdated legacy systems, the expansion of services that depend on data, growth through acquisitions, under-resourced hospitals, and a lack of cybersecurity awareness among staff will continue to make the healthcare industry a high-value target for cybercriminals.

Threats targeting healthcare

  • Email phishing attacks: Phishing is the most common cyber threat in healthcare, accounting for over half of all security breaches. Attackers use fraudulent emails and messages to deceive healthcare workers into disclosing login credentials or clicking on malicious links. A recent HHS report listed business email compromise (BEC) among the most costly and prevalent attacks against healthcare.
  • Ransomware and data breaches: Ransomware attacks can lock down critical hospital systems, forcing organizations to pay a ransom or face major operational disruptions. The 2024 Change Healthcare ransomware attack, which affected over 190 million people and has cost more than $2 billion and counting, highlights the devastating impact of such breaches.
  • Poor email security: Our research indicates that 73% of recently breached healthcare organizations lack a DMARC policy of p=reject (enforcement), leaving their domains open to BEC, email spoofing, and domain impersonation: a cybercriminal can send mail that appears to come from the organization's own domain and pose as a trusted contact. A DMARC record published with p=none only monitors; receivers act on failing mail only under p=quarantine or p=reject. DMARC also protects only the domains you control, so lookalike domains still need separate monitoring.
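To make the "p=reject (enforcement)" distinction concrete, here is an added example (not Red Sift code, and not a reproduction of the research methodology behind the 73% figure) that parses DMARC TXT records and reports whether each one enforces. The domain names and records are constructed for illustration, not real DNS data; `assess`, `parse_dmarc` and `share_without_enforcement` are names chosen for this example, and the optional `lookup_dmarc` assumes the third-party dnspython package is installed (the samples run offline without it).

```python
"""Assess whether a DMARC record enforces, as the page's 73% figure measures it
(p=reject). Added example for this article; not Red Sift code. The records
below are constructed for illustration, not real DNS data."""

# Constructed sample TXT records, as they would be published at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "hospital-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example",
    "hospital-b.example": "v=DMARC1; p=none; rua=mailto:reports@hospital-b.example",
    "hospital-c.example": "v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:d@hospital-c.example",
    "hospital-d.example": "v=spf1 include:_spf.hospital-d.example -all",  # SPF, not DMARC
    "hospital-e.example": "v=DMARC1; p=reject; sp=none",
}

POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record):
    """Split a 'tag=value; tag=value' record into a dict keyed by lower-cased tag.
    Returns None when the record is not a DMARC record (v=DMARC1 absent)."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess(record):
    """Return policy, subdomain policy, pct, an 'enforced' flag (p=reject applied
    to 100% of failing mail, the page's definition) and a list of issues."""
    result = {"policy": None, "subdomain_policy": None, "pct": 100,
              "enforced": False, "issues": []}
    if not record:
        result["issues"].append("no DMARC record published: spoofed mail is not even reported")
        return result
    tags = parse_dmarc(record)
    if tags is None:
        result["issues"].append("TXT record is not a DMARC record (v=DMARC1 missing)")
        return result
    policy = tags.get("p", "").lower()
    if policy not in POLICY_RANK:
        result["issues"].append("p= tag missing or invalid; receivers ignore the record")
        return result
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in POLICY_RANK:
        sub_policy = policy  # an invalid sp= falls back to p=
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    pct = max(0, min(pct, 100))
    result.update(policy=policy, subdomain_policy=sub_policy, pct=pct)

    if policy == "none":
        result["issues"].append("p=none only monitors: spoofed mail is still delivered")
    elif policy == "quarantine":
        result["issues"].append("p=quarantine sends spoofed mail to spam instead of rejecting it")
    if pct < 100:
        result["issues"].append(f"pct={pct}: only {pct}% of failing mail gets the policy, "
                                "the rest is treated one level weaker")
    if POLICY_RANK[sub_policy] < POLICY_RANK[policy]:
        result["issues"].append(f"sp={sub_policy} leaves subdomains weaker than the organizational domain")
    if "rua" not in tags:
        result["issues"].append("no rua= address: no aggregate reports to find legitimate senders")
    result["enforced"] = policy == "reject" and pct == 100
    return result


def share_without_enforcement(records):
    """Fraction of domains whose record does not enforce, the statistic the page reports."""
    if not records:
        return 0.0
    not_enforced = sum(1 for r in records.values() if not assess(r)["enforced"])
    return not_enforced / len(records)


def lookup_dmarc(domain):
    """Fetch the live record with dnspython if it is installed (optional; the
    samples above run offline). Returns the TXT string or None."""
    try:
        import dns.resolver  # third-party package 'dnspython', assumed installed
    except ImportError:
        return None
    try:
        answers = dns.resolver.resolve(f"_dmarc.{domain}", "TXT")
    except Exception:
        return None
    for rdata in answers:
        text = "".join(s.decode() for s in rdata.strings)
        if text.upper().startswith("V=DMARC1"):
            return text
    return None


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        verdict = assess(record)
        status = "ENFORCED" if verdict["enforced"] else "NOT ENFORCED"
        print(f"{domain:22} {status:13} p={verdict['policy']} "
              f"sp={verdict['subdomain_policy']} pct={verdict['pct']}")
        for issue in verdict["issues"]:
            print(f"    - {issue}")
    print(f"share without enforcement: {share_without_enforcement(SAMPLE_RECORDS):.0%}")
```

Running the script against the constructed samples flags three of five domains as not enforced (p=none, p=quarantine with pct=25, and an SPF record published where the DMARC record should be), and it still reports a weakness on one of the two enforcing domains: sp=none leaves every subdomain spoofable even though the organizational domain rejects. That subdomain gap and a missing rua= address are the two things worth checking before calling a domain "done".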

The path forward

To enhance cybersecurity, healthcare organizations should:

  • Implement multi-factor authentication (MFA) to prevent unauthorized access.
  • Adopt DMARC, SPF, and DKIM to bolster email security and prevent phishing attacks through a provider like Red Sift.
  • Use attack surface management systems to identify and protect their digital estate.
  • Have policies in place to handle challenges like BEC.
  • Invest in AI-driven threat detection systems to identify cyber threats in real time.
  • Conduct regular cybersecurity training to educate employees on organizational policies and recognizing phishing attempts.

A five-step model for phishing defense

  • Email security: Deploy DMARC, SPF, and DKIM alongside phishing protection and advanced ransomware detection for inbound email. Red Sift OnDMARC makes it easy, enabling enforcement within 6-8 weeks.
  • Decrease human errors: Block access to phishing websites, prevent malware downloads, and provide time-of-click protection against malicious links. Use blacklists and real-time content analysis.
  • Improve employee education: Educate employees on phishing tactics, improve detection and reporting of phishing emails, and strengthen the human element of security through ongoing training and simulations.
  • Enable multi-factor authentication (MFA): Provide additional layers of security by requiring extra authentication beyond passwords, such as one-time codes, biometrics, or security keys, to prevent unauthorized account access and lateral movement.
  • Deploy Zero Trust: Assume that no user or device should be trusted by default. Enforce strict identity verification, least privilege access, continuous monitoring, and segmentation to prevent unauthorized access and lateral movement within a network.

The flatline

The healthcare industry faces consistent and rising cyber threats that will only grow as attackers' tools become more sophisticated. Without robust email security policies, employee training, and advanced cybersecurity defenses, organizations risk further spectacular data breaches that could compromise financial stability, privacy, and even patient safety. Healthcare providers must take immediate action to safeguard sensitive data and ensure operational resilience.

Not sure where to start? Check your DMARC status for free with Red Sift Investigate and ensure your organization (and your patients' data) remains secure today.

PUBLISHED BY

Faisal Misle

23 Jun. 2025
