Case Study: Seattle Children's Hospital prevents BEC attacks and protects patient data with Proofpoint Email Fraud Defense

How Seattle Children’s Hospital utilized Proofpoint’s email fraud defense solution to fend off BEC attacks

Seattle Children’s Hospital identified email as its biggest cybersecurity blind spot after Gary Gooden became Chief Technology and Security Officer in 2019: business email compromise (BEC), phishing and ransomware were the primary attack vectors, visibility across internal traffic was limited, and the shift to remote work enlarged the threat surface. The organization lacked full implementation of protective controls such as DMARC and needed better people- and process-level defenses to stop domain spoofing and fraud targeting patients, partners and staff.

Partnering with Proofpoint, Seattle Children’s implemented an integrated email fraud defense—Targeted Attack Protection (TAP), DLP, TRAP, DMARC, and security awareness training—alongside new payment-verification procedures and external-message warnings. The EFD went live in June 2020 and blocked large volumes of malicious mail (about 78.3M reputation blocks and 54M content blocks from 158.9M inbound messages), TAP stopped ~5.9K attachment and ~29.3K URL threats, and 21.1M legitimate messages were delivered. The result: markedly improved BEC visibility and brand protection, reduced risk of spoofing and fraud, and an ongoing, maturing program to keep staff and patient data safer.

Seattle Children’s Hospital

Gary Gooden

Chief Technology and Security Officer