Third of US data breaches happen in hospitals

News
By
published

US healthcare industry susceptible to phishing and other cyber attacks

(Image credit: Image Credit: ElasticComputeFarm / Pixabay)

After a recent series of aggressive phishing attacks on NHSmail, cyber security provider Cofense has compiled a new report using shared US client data to reveal how much of a danger future phishing attacks could become in the UK.

The report, entitled Say Ah: A Closer Look at Phishing in the Healthcare Industry, compares the resilience of the healthcare sector to phishing attacks with other industries monitored by the software provider.

Resilience is the ratio between users who report a phishing attack versus those that fall susceptible.

Over the past three years, the healthcare industry in the US' resilience rate has improved from 1.05 in 2015 to 1.49 in 2018. Despite these small improvements, healthcare still has the lowest resilience rate when compared to other industries with energy at 4.01, financial services at 2.52 and legal services at 2.50.

The report notes that high turnover could be a factor holding back the US healthcare industry's resilience rate. Doctors, nurses and administrative staff change positions constantly which can make it hard to gain traction in the fight against phishing.

Active threats from phishing emails

Cofense highlighted requests for invoices, emails posing as manager evaluations and emails reporting package deliveries as the three most active threats from phishing emails. Each of these threats imposes a sense of urgency and the report warns healthcare providers to stress this when educating employees to the dangers of phishing.

Back in April of 2017, Leeds Teaching Hospitals NHS Trust used a fake phishing email to see whether any of its 17,000 members of staff would be tricked into disclosing confidential information. 400 members of the staff (around 2.3%) responded to the phishing email and revealed sensitive information such as their passwords and network credentials.

Cofense's CEO Rohyt Belani explained the reasoning behind compiling the report, saying:

“The results are staggering and speak for themselves. When the U.S. sneezes the world catches a cold, and we hope this data can serve as an early warning sign for NHS Trusts to have appropriate anti-phishing measures in place. At present the healthcare industry is at specific risk, lagging behind other industries, as our findings show. With careful planning however these threats can be mitigated and repulsed very quickly.”   

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Latest in News
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
Hospital
Major Oracle outage hits US Federal health record systems
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
More about security
botnet

Another top security camera maker is seeing devices hijacked into botnet
healthcare

Software bug meant NHS information was potentially “vulnerable to hackers”
A digital representation of a lock

The true threat of business downtime
See more latest
Most Popular
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 11 (game #373)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 11 (game #639)
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 11 (game #1142)
botnet
Another top security camera maker is seeing devices hijacked into botnet
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Michelle and Kid Cosmo watching a video projected onto a screen in Netflix's The Electric State movie
'We could not achieve that with puppetry or animatronics': Joe and Anthony Russo didn't want to build real-life robots for The Electric State for two big reasons
Workers at computers in an office
Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well