Hospitals have long been under extensive cyber attacks. Because they hold personal patient data, hackers know the high cost of a breach in a hospital and its regulatory implications, and accordingly make the assumption that hospitals are more likely to pay for ransomware.
But over the last few weeks, the volume of sophisticated attacks seems to have increased. For example, as seen from the weekly graph below from a major hospital in California, they experienced a 700% increase in the number of malicious files that bypass Microsoft 365. (In this case, the hospital is using Avanan to protect their Microsoft 365 tenant and all attacks were blocked by Avanan before reaching the end-user’s inbox.)
Avanan researchers have found that 42% of breaches currently being investigated by HHS started with email. Email is by far the weakest link when it comes to the first way of entry in compromising the hospital. Once the hackers are in via email, they normally try to spread until they find the most painful account to compromise. This imposes another challenge to hospitals because if they rely on traditional Secure Email Gateways, those tools are blind to internal email traffic and the communication on the other Microsoft 365 applications, like OneDrive, SharePoint and Teams. Therefore, once in, hackers can continue spreading easily to other accounts.
A hospital is unique in one more aspect. Several of our hospital customers reported a lack of IT-security awareness and discipline when it comes to doctors. When they get a file that has information on an MRI, in their mind they are not concerned if it's phishing—they have important, sometimes life-and-death decisions to make. Additionally, hospital staff are often working around the clock, especially now during the COVID-19 health crisis. Tired and distracted, hospital employees are prone to falling for phishing scams.