Back to All Research

Healthcare Organizations Experience 279% Increase in Business Email Compromise in 2023

Healthcare organizations are prime targets for attacks, especially socially-engineered threats like business email compromise. Learn more about BEC attacks targeting healthcare.
September 26, 2023

Healthcare is a laudable industry—helping alleviate patient suffering, improving health outcomes, and keeping a highly complex, interconnected system running. But cybercriminals see things differently. They recognize that healthcare organizations house valuable data and abhor slow-downs in their operations. This makes them prime targets for attacks, especially socially-engineered attacks like business email compromise, known as BEC.

According to Abnormal data, the healthcare industry is experiencing a 167% increase in advanced email attacks in 2023, which includes BEC, credential phishing, malware, and extortion. While the year isn’t over yet, this signals the need for more sophisticated security to protect patients, employees, and the organizations themselves.


The median number of advanced email attacks rose in early 2023 for the healthcare industry, starting the year with an average of 55.66 attacks per 1,000 mailboxes in January and peaking in March at over 100 attacks per 1,000 mailboxes. Numbers dropped to more consistent levels of nearly 61.16 attacks through the rest of the year. But if last year is any indication, these numbers are going to continue to rise until the holiday season, when cybercriminals will take a short break before starting their work again in the new year.

Social Engineering Attacks Increase by 279% for Healthcare

Throughout a typical year, cyberattacks ebb and flow. It’s entirely possible that the number of sophisticated attacks will dip over the 2023 winter holiday season, but even so, the overall number of sophisticated BEC attacks is significantly outpacing 2022.

Text-based BEC attacks do not have the volume of credential phishing or malware—accounting for less than one attack per 1,000 mailboxes—but they are on the rise. Last August, the healthcare industry received a median of .54 BEC attacks each week, but that number jumped 54% to .83 attacks a year later. And when looking at data only from January-August, the number of attacks increased significantly, with an average of only .22 attacks last year to .84 attacks this year—an increase of 279%.


While the volume of BEC is minimal relative to other email attacks, it remains the most dangerous attack type because it often leads to direct financial losses at an average of $125,000 per attack, according to the latest research from the FBI. Identifying and stopping BEC is increasingly important, but made difficult by the fact that these attacks are often text-based, sent from legitimate domains, and lack traditional indicators of compromise like a suspicious link or malicious attachment. In many cases, they are simply looking for information that can then be used for another attack, like in this recent example stopped by Abnormal.

We’ve seen an increased number of requests for aging reports, and healthcare is no exception. In this email, the attacker is impersonating the President and CEO of a healthcare network with more than 200 locations throughout the United States. The email requests that the recipient send a copy of all updated aging statements for customers, including the email addresses for the corresponding account payables department.


While this email may look innocuous at first glance, it can lead to disastrous consequences. If the recipient were to respond with this information, the attacker would then have legitimate contact and invoice information for all customers of the health network, which would enable them to create realistic emails requesting that the outstanding payments be diverted into the account owned by the attacker. Given how large this health network is and how many patients they see each day, a successful attack like this could result in millions of dollars lost before the network realizes that there is an error in the payments their customers are sending.

Defending Healthcare Organizations Against Sophisticated Email-Based Attacks

If 2022 is any indication, the healthcare industry should be prepared for an additional influx of attacks in the latter half of this year. Fortunately, there are solutions available to prevent these attacks from reaching doctors, nurses, and healthcare staff. By embracing sophisticated cloud email security, healthcare organizations can dramatically improve their cybersecurity practices.

Abnormal Security leverages artificial intelligence and machine learning to create a baseline of good behaviors. By understanding what’s normal, Abnormal can detect anomalous activity and block business email compromise, invoice and payment fraud, malware, and other email-based threats before they reach your employees.

See other trends impacting healthcare in the latest email threat report; Applications Abound: Average Organization Now Integrates 379 Third-Party Applications with Email.

B AI Healthcare Orgs BEC Increase

See How Abnormal Stops Emerging Attacks

See a Demo

Get the Latest from Abnormal Intelligence

Subscribe to our monthly newsletter to receive the latest insights from our team directly in your inbox.