The last time I discussed cybersecurity efficiency in healthcare, I detailed the importance of tracking the human attack surface. This is critical because it helps you focus security efforts on what’s really going on in the threat landscape. When you know attackers’ actual targets and why they’re interested in them, you can adopt a human-centric security strategy and make better use of your limited resources.
These elements are critical to this type of approach:
- A baseline of human-centric data to track
- The ability to monitor for deviations that signal a change in the threat landscape
- The opportunity to adjust to conditions
Now it’s time to look at larger trends in the healthcare industry. This blog post goes into detail about what recent Proofpoint research has uncovered about where attackers are focusing their efforts.
Analyzing our data
For our healthcare industry research in 2023, Proofpoint created a healthcare peer group of over 50 similar hospital systems to track within the Proofpoint Targeted Attack Protection (TAP) platform. We meticulously analyzed “people data” from these systems. Our goal was to identify cyberattack patterns and trends. Here’s what we tracked:
- Attack index
- Click rates
- Malicious message volume
- Total clicks across various departments
After analyzing the data, we learned that attackers tend to target people in finance-related and VIP job roles. Their interest in these users made sense, so that became our baseline.
When we reviewed healthcare peer group data from the first quarter of 2024, we saw an excellent example of deviation from that baseline. This also highlighted a possible shift in attackers’ focus in the healthcare industry.
The data: attacks on certain roles surged
At the department level of our taxonomy, “pharmacy” job roles advanced from rank 35 in the per-user attack index average in 2023 to the top spot in Q1 2024. VIP job roles rank second, while finance services roles rank fourth.
The top four departments by average attack index and click rate in 2023 vs. Q1 2024.
The data that we collected in Q1 2024 shows a dramatic surge in all tracked indicators for the pharmacy job role. Here are some of our key findings.
- 80% quarter-over-quarter increase in malicious message volume
- 46% quarter-over-quarter increase in attack index average
- 35% increase in total clicks from the quarterly peak in 2023
If the attack index is measuring what it is designed to measure, then pharmacy job roles are seeing dramatically more specific, sophisticated and severe attacks so far this year.
Pharmacy average attack index trend, Q4 2022 to Q1 2024.
Pharmacy malicious message volume trend, Q4 2022 to Q1 2024.
Pharmacy total clicks trend, Q4 2022 to Q1 2024.
The start of an emerging trend?
The dramatic shift in attackers’ focus that we observed in Q1 2024 is unique to pharmacy titles and job roles. Our knowledge of the prior baseline illuminates this shift.
Industry events and dynamics can have an impact on the potential risk of attack for specific user groups. Attackers’ surging interest in pharmacy job roles in February and March may be due to prescription drug shortages in the healthcare industry. It may also be a sign of an emerging trend that the healthcare industry should monitor throughout the rest of this year.
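The baseline-and-deviation check described above can be sketched as follows. This is an added example, not Proofpoint code or TAP output: the department names, scores and thresholds are constructed assumptions, and the attack index is treated as an opaque per-user score supplied by your own reporting.

```python
from statistics import mean

# Constructed sample data: department -> per-user attack index averages.
# Not Proofpoint figures; values are chosen only to exercise the logic.
BASELINE_QUARTERS = {
    "vip":      [410, 395, 420, 405],
    "finance":  [380, 372, 390, 385],
    "nursing":  [150, 160, 155, 158],
    "pharmacy": [90, 95, 88, 110],
}
CURRENT_QUARTER = {"vip": 415, "finance": 360, "nursing": 162, "pharmacy": 460}


def rank(scores):
    """Return {department: rank}, where rank 1 is the highest score."""
    ordered = sorted(scores, key=scores.get, reverse=True)
    return {dept: i + 1 for i, dept in enumerate(ordered)}


def deviations(baseline, current, min_rank_gain=2, min_pct_rise=40.0):
    """Flag departments that climbed the ranking or rose sharply vs. baseline.

    The thresholds are hypothetical defaults; tune them to your own data.
    """
    base_avg = {d: mean(v) for d, v in baseline.items()}
    base_rank, cur_rank = rank(base_avg), rank(current)
    flagged = []
    for dept, value in current.items():
        if dept not in base_avg:  # newly tracked department: nothing to compare
            flagged.append({"dept": dept, "reason": "no baseline"})
            continue
        gain = base_rank[dept] - cur_rank[dept]  # positive = moved up the ranking
        base = base_avg[dept]
        pct = (value - base) / base * 100 if base else float("inf")
        if gain >= min_rank_gain or pct >= min_pct_rise:
            flagged.append({"dept": dept, "rank_from": base_rank[dept],
                            "rank_to": cur_rank[dept], "pct_change": round(pct, 1)})
    # Departments without a baseline sort first, then by current rank.
    return sorted(flagged, key=lambda f: f.get("rank_to", 0))


if __name__ == "__main__":
    for finding in deviations(BASELINE_QUARTERS, CURRENT_QUARTER):
        print(finding)
```

Run the same comparison on malicious message volume and total clicks to see whether all tracked indicators move together for a flagged department.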
A human-centric approach gets better results
With a human-centric security approach and knowledge of shifting attacker interest and success (total clicks), you can adjust your controls and become more effective at monitoring at-risk users.
If you want to learn more, check out our human-centric cybersecurity solutions for healthcare from Proofpoint. And be sure to read our Q2 Healthcare Threat Briefing. It provides insight into recent threat intelligence that is specific to pharmacy services in healthcare. It also includes best practices to help you improve cybersecurity resilience and more.