Global Cyber Alliance (GCA) conducted a recent survey that found that healthcare email security is still very weak. We are going to take a look at the most important findings from the survey and determine what this means for email protection and email threats.
Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber attacks and improving our global network security. It is a catalyst to bring partners of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. GCA's mantra "Do Something. Measure It" is a direct reflection of its mission to eradicate systemic cyber risks seen in malicious email with strong email security solutions.
Most major hospitals in the U.S. are not using advanced threat protection with regard to healthcare email security appliances.
The survey found that only 6 of the 50 largest public hospitals in the U.S. are protecting their email communications from spear phishing and targeted attacks that aim to trick patients into revealing sensitive data or cause data leaks. For-profit hospitals performed slightly better in that at least 22 of the top 48 for-profit hospitals have deployed the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol – a mechanism for defending against spear-phishing attacks – in a limited capacity. The GCA survey findings are troubling considering recent breach reports of business emails, such as Verizon's 2017 Data Breach Investigations Report (DBIR), which found that 15% of data breaches last year occurred in the healthcare sector.
According to the report, email is the preferred tool of cyber-criminals.
This issue can be averted by implementing secure email gateways, spam filters, and email encryption. Despite these reports, most major hospitals still lack the necessary email security protocols to protect their PHI. Verizon also mentioned that 66% of malware found on healthcare networks was delivered by email attachments. A recent study by Agari highlights just how vulnerable the healthcare industry really is. The study found that of those healthcare companies valued over $1 billion, only 15% have DMARC implemented. You would think that at that value, compliance requirements would be mandatory.
Security software is not an area that healthcare organizations can overlook.
With cyberthreats constantly evolving in sophistication and maliciousness, healthcare organizations must implement protocols such as DMARC, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and TLS to protect their email. With these protocols in place, real-time measures can be put in motion to stop persistent threats. To begin, look into making sure your email is HIPAA compliant.
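As an added illustration (not code from the original post, GCA, or Agari), the following Python grades a domain's DMARC and SPF DNS TXT records and separates a monitoring-only DMARC deployment (p=none, the "limited capacity" deployment the survey counts) from an enforced policy. The records and the domain example-hospital.org are constructed samples; in practice the same functions would be fed the TXT records fetched for the domain and for _dmarc.<domain>.

```python
"""Grade a domain's DMARC and SPF records (added example, constructed data)."""
import re


def parse_tags(record):
    """Split 'v=DMARC1; p=none; rua=...' into a lowercase tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_level(record):
    """Return 'missing', 'monitor', 'partial' or 'enforced'.

    p=none only collects aggregate reports; spoofed mail is still delivered.
    A quarantine policy or pct<100 enforces on only part of the traffic.
    """
    if not record:
        return "missing"
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "missing"  # not a DMARC record at all
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        return "monitor"
    if policy == "reject" and pct == 100:
        return "enforced"
    return "partial"


def spf_level(record):
    """Return 'missing', 'permissive', 'softfail' or 'hardfail' from the 'all' term."""
    if not record or not record.lower().startswith("v=spf1"):
        return "missing"
    match = re.search(r"(?:^|\s)([-~+?]?)all(?:\s|$)", record, re.IGNORECASE)
    if not match:
        return "permissive"  # no 'all' mechanism: unlisted senders get Neutral
    qualifier = match.group(1) or "+"
    return {"-": "hardfail", "~": "softfail"}.get(qualifier, "permissive")


# Constructed sample records for the hypothetical domain example-hospital.org.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example-hospital.org"
ENFORCED = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example-hospital.org"
SPF_SOFT = "v=spf1 include:_spf.example-hospital.org ~all"
```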