News Feature | March 17, 2015

Report: Healthcare Is Failing At Email Cybersecurity

By Megan Williams, contributing writer

Combating issues of cybersecurity in healthcare starts with identifying and closing up areas of weakness. One of the biggest is email, and a recent report from Agari addresses the question of email security and threats across multiple industries, with a particular focus on the unique vulnerabilities (and poor performance) of healthcare.

Healthcare Findings

A quick review of the report makes it evident that healthcare threats are in a class of their own.

For example, an email that looks like it comes from a healthcare company is four times as likely to be fraudulent as one that looks like it comes from a social media company such as Twitter, and apparently users know this. Of the healthcare companies surveyed, 30 percent received a TrustScore of zero, making healthcare the lowest-ranking of the 11 industries included. Aetna, however, was an exception, with a perfect score of 100 in both Q3 and Q4 of 2014.

The report also includes a visual representation of the scoring, with the bottom of the pyramid representing companies with a TrustScore less than 50. The accompanying list has a heavy showing of healthcare organizations.

Email, Overall

While email security did improve in 2014, many organizations still fall short in implementing the technology that will keep cyber criminals at bay. Healthcare has been relatively fortunate so far, with most criminals focusing on customers of major banks.

Those attacks started in the U.S. in Q1 and Q2 and moved into Europe in Q3, with email-spoofing attacks amounting to a fivefold increase in that type of cybercrime. As the report states, “These spikes illustrate the unpredictability and brute force of email forgers as they decide which industries to target and when.”

Similarly, the payments industry saw a 23-fold increase in attacks between the second and fourth quarters of 2014.

While progress has been made, it has been slow, and it has focused mostly on the use of three major email authentication standards: SPF, DKIM, and DMARC.

  • SPF (Sender Policy Framework) lets companies declare which servers may send email using their domain.
  • DKIM (DomainKeys Identified Mail) is more complete than SPF. It offers improved sender verification and gives companies the ability to insert cryptographic signatures into messages that receivers then verify.
  • DMARC (Domain-based Message Authentication, Reporting and Conformance) is the most secure, adding another layer on top of SPF and DKIM. It involves publishing a policy document on the company's servers that service providers must query whenever they receive a message from the originating company.
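To make the three layers concrete, here is an added example (not code from the article or from Agari's report) that models how a receiving mail server ties them together: it parses an SPF record, evaluates it against the connecting IP, parses a DMARC policy record, and then applies DMARC's alignment rule to decide whether a message passes or gets the published policy action. The domains, IP addresses and records are constructed for illustration, stored in a small dict that stands in for DNS TXT lookups. The SPF evaluation is simplified (ip4/ip6/include/all only, no Public Suffix List for organizational domains), and the DKIM signature result is taken as an input, since verifying a real signature needs the full message and the signer's public key.

```python
"""Simplified SPF + DMARC evaluation over constructed records (offline)."""
import ipaddress
import re

# Constructed stand-in for DNS TXT records; example-clinic.test is hypothetical.
FAKE_DNS_TXT = {
    "example-clinic.test": "v=spf1 ip4:203.0.113.0/24 include:mail.example-provider.test -all",
    "mail.example-provider.test": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example-clinic.test": (
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-clinic.test; adkim=s; aspf=r"
    ),
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms.
    A missing qualifier means '+' (pass), as in RFC 7208."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        m = re.match(r"^([+\-~?]?)([a-z0-9]+)(?:[:=](.*))?$", term, re.I)
        if not m:
            raise ValueError(f"unparseable SPF term: {term}")
        qual, mech, val = m.groups()
        terms.append((qual or "+", mech.lower(), val))
    return terms


def check_spf(ip, domain, dns=FAKE_DNS_TXT, depth=0):
    """Evaluate ip4/ip6/include/all mechanisms for the connecting IP.
    Returns pass/fail/softfail/neutral/none/permerror. The depth cap
    mirrors the RFC's lookup limit so a looping include cannot recurse forever."""
    if depth > 10:
        return "permerror"
    record = dns.get(domain.lower())
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for qual, mech, val in parse_spf(record):
        if mech in ("ip4", "ip6") and addr in ipaddress.ip_network(val, strict=False):
            return QUALIFIER_RESULT[qual]
        if mech == "include" and check_spf(ip, val, dns, depth + 1) == "pass":
            return QUALIFIER_RESULT[qual]
        if mech == "all":
            return QUALIFIER_RESULT[qual]
    return "neutral"  # no mechanism matched and no 'all' term


def parse_dmarc(record):
    """Parse tag=value pairs; alignment modes default to relaxed ('r')."""
    tags = {}
    for pair in record.split(";"):
        pair = pair.strip()
        if pair:
            k, _, v = pair.partition("=")
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Crude organizational domain (last two labels); real code uses the PSL."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate_dmarc(from_domain, sending_ip, mailfrom_domain, dkim_result, dkim_domain,
                   dns=FAKE_DNS_TXT):
    """DMARC passes if SPF or DKIM passes *and* its domain aligns with the
    visible From: domain; otherwise the published policy action applies."""
    record = dns.get(f"_dmarc.{from_domain.lower()}")
    if record is None:
        return {"disposition": "none", "reason": "no DMARC record published"}
    policy = parse_dmarc(record)
    spf_result = check_spf(sending_ip, mailfrom_domain, dns)
    spf_aligned = spf_result == "pass" and aligned(from_domain, mailfrom_domain, policy["aspf"])
    dkim_aligned = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    disposition = "pass" if (spf_aligned or dkim_aligned) else policy["p"]
    return {"disposition": disposition, "spf": spf_result,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned}


if __name__ == "__main__":
    # Legitimate mail from the clinic's own range, then a forged From: header
    # sent from an unrelated IP with no valid DKIM signature.
    print(evaluate_dmarc("example-clinic.test", "203.0.113.5", "example-clinic.test",
                         "pass", "example-clinic.test"))
    print(evaluate_dmarc("example-clinic.test", "192.0.2.77", "attacker-domain.test",
                         "fail", "attacker-domain.test"))
```

The forged message fails both checks and gets the clinic's published `p=reject`, which is the layer DMARC adds over SPF and DKIM alone: without the policy record, a receiver that saw an SPF failure would have no instruction from the domain owner on what to do with the message, and the owner would get no report that the forgery happened.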

More details on these three protocols are available on page 13 of the report.