top of page

4x Increase in Phishing and Deception Domains Targeting Healthcare Industry

The University of Michigan Health recently found that the PHI of approximately 33,850 patients has potentially been compromised in a phishing attack. Four employees responded to phishing emails, visited a malicious website, disclosed their Michigan Medicine login information, and responded to the multi-factor authentication prompts, which allowed their accounts to be accessed.

DNSFilter Security

(source: DNSFilter)

DNSFilter has seen significant increases across healthcare threat types in 2022 - it paints a picture of targeted phishing and deception tactics. Rebecca Gazda, Senior Director of Data Science/Domain Intelligence at DNSFilter, shared her expertise on the trends the industry is observing:

Rebecca Gazda, DNSFilter

“We saw a 4-fold increase in phishing and deception domain queries from healthcare and medical customers in June 2022 and a smaller spike in August 2022. These dates correspond with several high importance deadlines in healthcare around CMS, HEDIS, and NCQA reporting requirements. This leads us to believe that threat actors are capitalizing on the urgency and impact of these deadlines to trick users into releasing their information. The marked increase also comes at a concerning time as the 21st Century Cures Act went into effect in October, forcing all healthcare systems and vendors to make any electronic health information on a patient shareable. The free flow of patient data is only as secure as the underlying DNS layer and attackers have their eyes on this lucrative target to deploy malicious domains, commonly in the form of malware, ransomware, phishing scams and zero-day attacks. Today, more than 70% of attacks impact the DNS layer. A successful attack can shut down operations, steal vital information, result in sizable costs, and most importantly, impact patient lives.”



bottom of page