Business Email Compromises: The Growing Threat in Healthcare

) • February 15, 2019     10 Minutes   

Business email compromise attacks are becoming far more common in the healthcare sector, says Rod Piechowski of the Healthcare Information and Management Systems Society.

With BEC schemes proliferating, "what we're realizing is that everyone is a potential victim," Piechowski, HIMSS' senior director of health information systems, says in an interview with Information Security Media Group at the HIMSS19 conference in Orlando, Florida.

"Over the last year or so, we've been seeing a sophistication in the attempts to create phishing emails that are very productive. ... The phishing targeting is much more sophisticated," he says.

"It's not a general shotgun approach where [attackers] send out thousands of emails. They are specifically looking at people within an organization, what their role is and who has access to money. That's been another major shift."

These socially engineered attacks are popular with cybercriminals because, for example, requests for funds transfers by fraudsters posing as CEOs or other executives can prove to be extremely lucrative if they're successful, Piechowski says.

Some emerging technologies can help in mitigating these risks, he notes. "Because the threat actors are watching our behavior, there's a lot of potential in artificial intelligence and machine learning to do the same on our behalf ... to watch our own behavior and watch for abnormalities in patterns of traffic and behavior on the network."

HIMSS' recent 2019 cybersecurity survey found that 74 percent of respondents had a "significant security event" in the last 12 months, he notes. "Everybody is affected by this."

In the interview (see audio link below photo), Piechowski also discusses:

Promising security technologies and best practices; Security challenges involving legacy operating systems; Other key findings from HIMSS' 2019 cybersecurity survey.

As senior director of health information systems at HIMSS, Piechowski serves as the senior staff liaison to several HIMSS committees and communities, including privacy and security. Previously, Piechowski was senior associate director of policy at the American Hospital Association and vice president of technology leadership at the National Alliance for Health Information Technology.