Inbound email security protects sensitive patient information from inbound email threats, such as phishing emails, malware, and other cyberattacks. Healthcare organizations are a prime target for cybercriminals due to the value of their data, making inbound email security a critical component of their overall security strategy.
Inbound email security is a challenge for healthcare organizations
Healthcare employees are highly susceptible to phishing attacks for several reasons. According to the Verizon 2022 Data Breach Investigations Report, 82% of breaches involved the human element, including social attacks, errors, and misuse.
According to a report from IBM Security, the healthcare industry is the most targeted for cyberattacks, with 74% of healthcare organizations reporting a data breach. Cybercriminals often conduct sophisticated attacks that are specifically designed to target healthcare employees and trick them into divulging sensitive information or clicking on a malicious link. For example, Highmark Health recently became a victim of a phishing attack that affected nearly 300,000 patients when an employee clicked on a link in an email.
Why do cybercriminals target healthcare organizations?
There are several reasons why cybercriminals target healthcare organizations, specifically to obtain protected health information (PHI) and personally identifiable information (PII).
This can be used to commit identity theft and financial fraud. For example, a cybercriminal may use stolen PHI to open credit card accounts or take out loans in the victim's name. They may sell the data on the dark web to other criminals who specialize in identity theft.
Another reason is to use the data for targeted attacks, such as spear-phishing or business email compromise (BEC). In a spear-phishing attack, the attacker may use the stolen PHI to craft a convincing email that appears to be from a trusted healthcare provider, luring the victim into clicking on a link or downloading an attachment that contains malware. In a BEC attack, the attacker may use the stolen data to impersonate a healthcare provider or employee and request that funds be transferred to a fraudulent account.
An attacker may also use ransomware to encrypt critical patient data and demand a ransom payment to restore access, or they may launch a DDoS (distributed denial-of-service) attack to disrupt the availability of healthcare services.
Likely inbound email security threats
There are several common threats to keep an eye out for, including:
Phishing
Phishing uses email to trick employees into divulging sensitive information, such as login credentials or protected health information (PHI). Phishing emails may look like legitimate emails from healthcare providers, insurance companies, or government agencies. They use social engineering techniques to trick staff into clicking on links or downloading attachments.
Ransomware
Ransomware attacks are a major concern for healthcare organizations, as they cause significant disruption to patient care and often result in the loss of critical patient data. Ransomware attacks are delivered through email attachments or links. Once activated, the malware can encrypt files and demand a ransom payment in exchange for the decryption key.
Data breaches
Healthcare organizations are at high risk of data breaches due to the large amounts of PHI and PII they handle. Data breaches, like the Highmark Health example mentioned above, can occur when cybercriminals gain access to email accounts or networks, resulting in the theft of sensitive data that can be used for identity theft, fraud, or other malicious purposes.
How to protect against inbound email threats
DMARC
DMARC is a standard email authentication that, according to Google, "helps mail administrators prevent hackers and other attackers from spoofing their organization and domain."
Anti-display name spoofing tools
Display name spoofing attacks impersonate employees or departments and anti-spoofing tools. For example, ExecProtect quarantines any email that shares the display name and is from an unapproved email address.
Zero trust email security
Zero trust is a framework that requires multiple levels of authentication beyond standard authentication like DMARC. Zero trust email operates in the same way, assuming the need for multiple forms of authentication that an emailer is who they say they are.
Geofencing
When it comes to inbound email security, Geofencing sets a virtual location-based boundary around and quarantines any incoming emails from outside of that boundary.
Access controls
Access controls involve setting up policies and procedures to limit access to sensitive data to authorized personnel only. While this won't protect against malware, it does mitigate sharing of patient data by untrained staff.
Employee training
Healthcare organizations can educate their employees on recognizing and responding to inbound email security threats, such as phishing emails. Employee training can include simulated phishing attacks to help employees identify and avoid real phishing emails, as well as training on how to report suspected security incidents.
Training and tools can lower the inbound risk
Because Healthcare professionals work in highly stressful and demanding environments, it's difficult for them to find the time to carefully review incoming emails, which may leave them more vulnerable to phishing attacks. Additionally, healthcare professionals use email to communicate sensitive patient information, making healthcare organizations a prime target for phishing attacks.
This highlights the need for automated inbound email security as a technological solution alongside further employee training to keep patients and healthcare organizations safe.
Dean Levitt
