TL;DR: Healthcare email fraud remains hard to distinguish from legitimate communication, and attackers continue to refine account takeover and compromised-account abuse tactics, according to Abnormal AI's webinar with Rick Doten of Centene. The control gap is less about message volume than about identity and behavioural trust models that still assume familiar-looking email is safe.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should healthcare teams reduce risk from compromised email accounts?
A: Healthcare teams should combine strong authentication with behavioural monitoring of mailbox activity, forwarding rules, and sending patterns.
Q: Why do compromised accounts make email fraud harder to detect?
A: Compromised accounts are hard to detect because they inherit the organisation's normal sender relationships, tone, and operational context.
Practitioner guidance
- Correlate mailbox behaviour with identity state. Tie email telemetry to authentication, device, and session signals so an account that suddenly changes recipients, timing, or forwarding behaviour is flagged quickly.
- Monitor mailbox rule and delegation changes. Treat new forwarding rules, delegation grants, and suspicious inbox automation as containment triggers.
- Add behavioural signals to fraud triage. Use message content, sender history, and normal interaction patterns together, rather than relying only on link or attachment inspection.
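One way to express the first two points as detection logic, as an added example that is not from the webinar or any vendor: mailbox rule and delegation changes are joined to the account's recent sign-ins and escalated when the session or the forwarding target is unfamiliar. The event fields, addresses, baseline, one-hour window, and the two-tier contain/review verdict are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; field names are assumptions, not a vendor schema.
BASELINE = {
    "nurse.a@clinic.example": {"devices": {"dev-17"}, "countries": {"US"}},
    "billing.b@clinic.example": {"devices": {"dev-42"}, "countries": {"US"}},
}
SIGNINS = [
    {"user": "nurse.a@clinic.example", "time": "2024-05-01T08:02:00", "device": "dev-17", "country": "US"},
    {"user": "billing.b@clinic.example", "time": "2024-05-01T09:10:00", "device": "dev-99", "country": "BR"},
]
MAILBOX_EVENTS = [
    {"user": "nurse.a@clinic.example", "time": "2024-05-01T08:30:00", "action": "new_inbox_rule", "forward_to": None},
    {"user": "billing.b@clinic.example", "time": "2024-05-01T09:14:00", "action": "new_forwarding_rule",
     "forward_to": "archive@mail.example.net"},
    {"user": "billing.b@clinic.example", "time": "2024-05-01T09:20:00", "action": "delegation_grant", "forward_to": None},
]
WATCHED = {"new_forwarding_rule", "delegation_grant", "new_inbox_rule"}
INTERNAL_DOMAIN = "clinic.example"  # hypothetical organisation domain


def unfamiliar(signin, baseline):
    """True when the sign-in's device or country is outside the account's baseline."""
    known = baseline.get(signin["user"], {"devices": set(), "countries": set()})
    return signin["device"] not in known["devices"] or signin["country"] not in known["countries"]


def triage(mailbox_events, signins, baseline, window=timedelta(hours=1)):
    """Return (user, action, verdict, reasons) for every watched mailbox change."""
    findings = []
    for ev in mailbox_events:
        if ev["action"] not in WATCHED:
            continue
        changed_at = datetime.fromisoformat(ev["time"])
        # Sign-ins by the same account in the window before the change.
        recent = [s for s in signins if s["user"] == ev["user"]
                  and timedelta(0) <= changed_at - datetime.fromisoformat(s["time"]) <= window]
        reasons = []
        if any(unfamiliar(s, baseline) for s in recent):
            reasons.append("unfamiliar_session")
        target = ev.get("forward_to")
        if target and not target.lower().endswith("@" + INTERNAL_DOMAIN):
            reasons.append("external_forward")
        # Identity-context mismatch escalates to containment; otherwise queue for review.
        findings.append((ev["user"], ev["action"], "contain" if reasons else "review", reasons))
    return findings
```
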
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Rick Doten's discussion of why email fraud is rising in healthcare and which attack methods are proving most concerning.
- The behavioural data science approach the webinar uses to explain how emerging threats evade traditional detection.
- Practical guidance on preventing account takeover attempts now and in the future.
- The on-demand viewing path for teams that need to brief internal stakeholders or earn CPE credit.
Explore further
Healthcare email fraud is fundamentally an identity trust failure, not just a spam problem. The article's framing shows why compromised accounts are so dangerous: the message looks normal because the identity behind it is already trusted. That makes static message filtering insufficient on its own. Practitioners should treat sender trust as conditional on live identity integrity, not on mailbox ownership alone.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: How do organisations know whether behavioural email detection is working?
A: Behavioural detection is working when it catches unusual sender behaviour, mailbox rule changes, and identity-context mismatches before staff receive or act on malicious messages. The best signal is not raw alert volume but whether the programme can separate normal healthcare communication from compromised-account activity quickly enough to reduce exposure.