The Latest Phishing Landscape in Healthcare
Staying ahead of emerging threats in the cybersecurity world can be like playing a continuous game of whack-a-mole at the carnival. The rising number and sophistication of attacks, the range of deployment methods and phishing types, and the focus on AI and cloud credentials add up to unprecedented cyber threats against the healthcare industry across the globe.
Phishing By The Numbers
Our trusted vendor, Sophos, reports that phishing attacks have shown record growth in recent years. In 2024, phishing attacks were reported at 79 healthcare providers, impacting millions of patients. For credential phishing in particular, “incidents surged by more than 700%, powered by generative AI tools that can instantly create convincing emails, fake login pages and text messages.”
In 2025, phishing remains a top cybersecurity threat in the healthcare sector, with attackers employing increasingly sophisticated tactics to steal sensitive patient data. While traditional email phishing is still prevalent, attackers are also leveraging SMS phishing, spear phishing, business email compromise (BEC), and even AI-powered voice cloning for vishing attacks.
The frequency and intensity of these attacks are not the only things that are increasing. The price tag of these attacks is also on the rise. According to the 2024 IBM Report, average losses have reached nearly $10 million per incident.
Phishing Trends 2025
Here’s a quick overview of some of the most recent trends in phishing that could be impacting your business. Sophos offers phishing attack simulation and training for end users, educating and testing them through automated attack simulations, high-quality security awareness training, and actionable reporting metrics.
Some of the most recent phishing trends that simulations and training can help defend against include:
- Credential phishing involves stealing credentials, particularly for cloud-based services such as Microsoft 365 and Google Workspace. These phishing attacks surged by more than 700% in 2024, making them a top trend to be aware of.
- Business Email Compromise (BEC) is a phishing scam where a malicious actor creates fake email addresses or compromises legitimate ones to appear as someone the victim trusts. These types of attacks often target financial and healthcare fields where sensitive data may contain payment information. 2024 reports put BEC prevalence at a staggering 64% of businesses reporting that they faced BEC attacks.
- AI-Powered Phishing Attacks - AI deepfakes have increased by 15% in the last year. These attacks often target high-value individuals in finance and HR. According to HealthCareITNews, “healthcare systems are especially vulnerable. Their large, decentralized workforces and networks of third-party vendors create constant, legitimate-seeming reasons to request credentials.”
- HTTPS Phishing - These types of attacks focus on creating fake websites that use the HTTPS protocol, making them appear legitimate and secure. HTTPS only shows that the connection to a site is encrypted, not that the site belongs to who it claims to be. In 2024, approximately 80% of phishing websites used HTTPS, which complicates detection for users.
The healthcare industry is one of the top targets for phishing attacks. Robust security protocols, ongoing training and utilization of the right tech tools can help protect your organization. Need help with security issues? Contact us at 978.219.9752, fill out our contact form or drop by and see us at our office on Pulaski Street in Peabody, MA.
© 2026 Copyright Spectra Networks. Website designed and developed by Sperling Interactive.