Brand Protection

    Healthcare’s High Risk of Brand Impersonation

    Healthcare brands and their suppliers/partners are especially susceptible to brand impersonation attacks. Here’s how health systems can fight back.


    Key Points

    • Hospital and healthcare systems are some of the world’s most trusted brands — and among the most attacked by brand impersonators. 
    • But overwork and shifting IT priorities have relegated cybersecurity to a back seat for many healthcare organizations
    • Healthcare companies need a renewed emphasis on cybersecurity awareness training, email security and brand exploit protection. 

    As employees get smarter about spotting common cyberattacks, hackers keep getting more creative. One of the more sophisticated types of attacks is brand impersonation, in which attackers pretend to be a well-known brand in an effort to get a user’s passwords, obtain sensitive information or install malware. Healthcare organizations face a far higher brand impersonation threat than other industries due to the combination of overworked staff, shifting IT priorities and an abundance of partners that can easily be impersonated.

    It’s important for hospitals and health systems to understand their risk of a brand impersonation attack — and to know the steps they can take to stop them.

    Recognizing Brand Impersonation Attacks

    Brand impersonation is a form of social engineering. Instead of searching for a software vulnerability to exploit, hackers try to trick an individual into divulging sensitive information by pretending to be someone the individual trusts. 

    One common brand exploitation attack is an email that pretends to be from your own organization’s help desk, says your password has expired and sends the recipient to a malicious URL that looks like the right login page but isn’t — so the attacker captures the recipient’s password. Other examples include hackers posing as an executive and asking an employee to transfer money or send sensitive information, such as W-2 files or patient records; and impersonating a business partner to ask an employee to send a copy of an invoice that includes bank account and routing numbers.

    Brand impersonation attacks are difficult to spot. They may include logos scraped from a brand’s website, URLs that use a brand’s domain name (or something very close), and/or a display name from a real person who represents the brand (often scraped from a site such as LinkedIn). In other words, they look like they could be real. 

    5 Reasons Healthcare Is Especially Vulnerable to Brand Impersonation

    Healthcare organizations are no strangers to cybersecurity threats. As healthcare research firm The Advisory Board notes, medical records can be more valuable to hackers than credit card numbers, as they contain enough information to set up a line of credit or take out a loan in a patient’s name.[1] 

    There are five reasons why healthcare in particular faces brand exploitation risks:

    1. The industry is understaffed. The American Hospital Association projects a shortage of 124,000 physicians by 2033, plus a need to hire 200,000 nurses each year to meet demand and replace retiring nurses.[2] Workers who must do more with less are unfortunately more susceptible to mistakes. “Healthcare CISOs must constantly ask themselves, ‘Will this proposed security control add steps to any clinicians’ process?’ Concerns about workflow and negatively impacting medical telemetry are paramount,” says Frederick Morton, formerly the CISO at a regional U.S. health system and now a Mimecast Enterprise Sales Engineer. 
    2. It’s common for IT teams at hospitals and health systems to focus on the knowledge base necessary for 24/7 operation of mission-critical systems such as telemetry, electronic health records and remote monitoring. This can lead to gaps in security training among IT teams, which translates to gaps in training for the rest of the staff.
    3. This knowledge base changed substantially in the last two years as healthcare organizations adopted telehealth, wearable devices and other technology to treat patients without coming into physical contact with them. With short-staffed IT teams focusing on new, mission-critical technology, security training has declined in importance. At the same time, notes Morton, widespread use of such relatively new technologies has dramatically enlarged health systems’ attack surface. 
    4. Healthcare has a complex supply chain. Third-party vendors may supply everything from food and laundry to basic medical equipment to multimillion-dollar equipment for operating rooms. Individuals across the organization interact with these vendors every day. In their fast-paced work, they may not notice a slight change to a domain name, corporate logo or “Reply To” address.
    5. Hospitals and health systems share information with a wide range of other healthcare entities, including insurers, pharmacies and public health agencies. The need and desire to share sensitive information in a timely manner, combined with a heavy reliance on email communication, only adds to the degree of potential mistakes for attackers to exploit. 

    How Healthcare Can Protect Against Brand Impersonation

    According to a 2020 Gallup poll, nurses and medical doctors are the most trusted professionals in the United States.[3] So, hospitals and health systems have important reputations to protect. What’s more, the institutions they work for have spent decades, and sometimes centuries, building trust with the patients and communities they serve. 

    All it takes is one high-profile cyberattack to break this trust, motivating patients to see a doctor at a competitive hospital. The best way to protect against brand impersonation is through a combination of people, process and technology. 

    People: Security awareness training goes a long way. For healthcare workers in a high-stress setting, training modules need to be short, engaging and entertaining, with a focus on the most pressing threats for their day-to-day work. Further, says Morton, automated remediation is key to maximizing a lean IT security staff.    

    Process: Administrative and technical safeguards can make it harder for data to fall into the wrong hands. For example, a hospital could set a policy that requires sensitive information to be shared through a portal or an encrypted email service.

    Technology: Perhaps the most important technology edge comes from best-in-class email security with sophisticated machine learning algorithms capable of recognizing the subtle indicators of brand impersonation. In addition, brand exploitation protection tools can block malicious domains, protect against cloned websites, take down suspicious sites and proactively scan for impersonation and fraud attempts taking place far beyond a health system’s perimeter. And to Morton’s point about automated remediation, off-the-shelf integrations based on open APIs are crucial to orchestrating automated response playbooks across best-in-class security systems from different vendors. 

    The Bottom Line 

    Healthcare organizations have some of the world’s most trusted brands. Therefore, they’re also some of the most at-risk for brand impersonation — and among the most attacked. With the right tools and best practices, including email security, a renewed emphasis on security training and brand exploit protection, hospitals and health systems can stay a step ahead of the hackers trying to exploit their brand for criminal gain. 



    [1]What hackers actually do with your stolen medical records,” The Advisory Board

    [2]Fact Sheet: Strengthening the Health Care Workforce,” American Hospital Association

    [3]U.S. Ethics Ratings Rise for Medical Workers and Teachers,” Gallup

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top