BEC in healthcare: what IAM teams need to do differently


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Business email compromise attacks on healthcare organisations increased by 279% in 2023, according to Abnormal AI, while sector leaders still have to balance HIPAA obligations, broad employee populations, and expanding AI-assisted attack pressure. The real issue is not email alone, but governance models that assume human identity risk stays compartmentalised and static.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should healthcare teams respond when business email compromise affects identity workflows?

A: Treat the event as an identity incident, not only a messaging incident.

Q: Why do healthcare organisations remain vulnerable even with email security tools in place?

A: Email tools can filter many malicious messages, but they do not eliminate trust in the processes that use email as an approval or reset channel.

Practitioner guidance

  • Map mailbox-to-action pathways: Identify which email events can trigger password resets, payment changes, or access approvals, then remove or harden those paths with step-up verification and workflow controls.
  • Add verification to high-risk requests: Require out-of-band confirmation for bank detail changes, privilege requests, and vendor instruction updates, especially where email is still the default channel.
  • Correlate identity and email telemetry: Join mailbox activity, identity logs, and privileged access events so a suspicious message can be investigated as a potential access incident, not an isolated email alert.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The CISO's healthcare-specific operating model for balancing HIPAA obligations with day-to-day security execution
  • The on-demand discussion of how generative AI is being used by threat actors and defenders in healthcare
  • The practical context behind protecting a 10,000-plus employee environment and its customer network
  • The source webinar framing for security strategy, team structure, and risk prioritisation in a healthcare setting

👉 Read Abnormal AI's webinar on healthcare BEC, HIPAA, and AI-driven threats →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Human email compromise is becoming an identity governance failure, not a mail-filter failure. In healthcare, a compromised mailbox can trigger password resets, payment redirection, and approval abuse because email still functions as a trusted identity channel. That means the attack lands in IAM, not just in secure email. Practitioners should treat BEC as an identity control problem that crosses access, workflow, and verification boundaries.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.

A question worth separating out:

Q: What should healthcare security leaders prioritise before a BEC incident spreads?

A: Prioritise verification for the few requests that can change identity, money, or access outcomes. That means removing email-only authority from sensitive workflows, tightening privileged approvals, and ensuring identity and mail telemetry are reviewed together. The goal is to stop a compromised conversation from becoming a broader organisational decision.

👉 Read our full editorial: Healthcare email compromise is exposing identity governance gaps
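
Both posts above recommend reviewing mailbox and identity telemetry together. The following is an added example, not part of either post or of any vendor's product: a small correlation that flags identity actions occurring shortly after a mailbox risk signal for the same user. The event names, the record layout and the one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical event names; map them to whatever your mail and IdP logs emit.
MAIL_SIGNALS = {"inbox_rule_created", "external_forwarding_enabled",
                "anomalous_mailbox_login"}
IDENTITY_ACTIONS = {"password_reset_via_email", "mfa_method_added",
                    "privileged_role_granted"}

# Constructed sample telemetry (not real logs): (timestamp, source, user, event)
SAMPLE_EVENTS = [
    ("2024-03-04T09:02:00", "mail", "a.nurse@example.org", "anomalous_mailbox_login"),
    ("2024-03-04T09:05:00", "mail", "a.nurse@example.org", "inbox_rule_created"),
    ("2024-03-04T09:20:00", "idp", "a.nurse@example.org", "password_reset_via_email"),
    ("2024-03-04T09:31:00", "idp", "a.nurse@example.org", "mfa_method_added"),
    ("2024-03-04T10:00:00", "idp", "b.clerk@example.org", "password_reset_via_email"),
    ("2024-03-04T08:00:00", "mail", "c.admin@example.org", "external_forwarding_enabled"),
    ("2024-03-04T13:30:00", "idp", "c.admin@example.org", "privileged_role_granted"),
]

def correlate(events, window=timedelta(hours=1)):
    """Return identity actions that follow a mailbox risk signal
    for the same user within `window`."""
    parsed = sorted((datetime.fromisoformat(ts), src, user, ev)
                    for ts, src, user, ev in events)
    last_signal = {}  # user -> (time, event) of the most recent mailbox signal
    findings = []
    for ts, src, user, ev in parsed:
        if src == "mail" and ev in MAIL_SIGNALS:
            last_signal[user] = (ts, ev)
        elif src == "idp" and ev in IDENTITY_ACTIONS and user in last_signal:
            sig_ts, sig_ev = last_signal[user]
            if ts - sig_ts <= window:
                findings.append({
                    "user": user,
                    "mail_signal": sig_ev,
                    "identity_action": ev,
                    "gap_minutes": int((ts - sig_ts).total_seconds() // 60),
                })
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

A reset with no preceding mailbox signal (b.clerk) and a role grant outside the window (c.admin) are not flagged; widening `window` trades fewer misses for more noise.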



   