When It Comes to Email Security, Healthcare Orgs Must Stay Vigilant

By and large, security persists as a major area of concern for the healthcare industry. According to the 2019 HIMSS Cybersecurity Survey, 82 percent of hospital respondents and 64 percent of nonacute providers reported that, over a 12-month span, they had experienced a “significant security incident.”

Twenty-seven percent of hospitals said that online scam artists employing phishing tactics targeted business email accounts. What’s more, in Q4 2018, healthcare organizations were targets for email fraud attacks 473 percent more often than in Q1 2017, according to Proofpoint’s “Email Fraud in Healthcare 2019 Report.” A deeper dive into the latter report found that 45 percent of all email sent from healthcare-owned domains in Q4 2018 appeared “suspicious,” including the bulk of emails to employees and 42 percent sent to patients.

Additionally, recent research published on JAMA Network Open found that roughly 1 in 7 simulated phishing emails were clicked on by employees, a number the study’s authors called “notably high.” While hackers’ strategies for infiltrating target organizations’ data and IT systems continue to evolve, old-fashioned attack methods are far from obsolete.

MORE FROM HEALTHTECH: Are passwords still reliable for healthcare IT security?

Follow the Trends

Camarena Health in Madera County, Calif., a community healthcare ­provider that’s grown from three clinics to 14 over the past seven years, now uses a mixture of on-premises and cloud-based security solutions to help protect its expanding environment. Email is one of Camarena’s primary emphases, especially as it looks to address data sprawl and ensure the safekeeping of protected health data.

According to data from Mimecast’s December 2018 email security risk assessment, 1 in 350 emails to healthcare organizations was flagged as an impersonation, while 1 in 3,741 emails contained malware. Providers must make it a point to follow these trends closely and react accordingly.