The abundance of regulations governing the security of patient health records (including GDPR, HIPAA and various other federal, state and local regulations) makes email security an organizational imperative.
Too many healthcare companies lack visibility into who is sending emails in their name and leave employees vulnerable to sophisticated advanced email attacks.
Email security defenses in the healthcare sector lag behind other industries, with healthcare organizations currently in the reaction stage of bolstering their defenses, according to a recent Mimecast analysis.
What Mimecast found was that the healthcare sector’s email defenses aren’t as strong as those of other industries: more than 16 percent of the 2.2 million emails inspected were false negatives, meaning spam, or messages containing malware or other malicious content, that still got through email filters.
For comparison, the other sectors saw an average of about 12 percent false negatives.
Some Alarming Statistics:
- Over 75% of the healthcare industry has been infected with malware over the last year
- In Q4 2018, healthcare organizations were targets for email fraud attacks 473 percent more often than in Q1 2017
- 90% of ransomware is delivered via email
- There is a hacker attack every 39 seconds
- 43% of cyber attacks target small business
As our industry grapples with this problem, the number of damaging data loss events is only accelerating. From the massive Deloitte hack that compromised the emails of an estimated 350 clients, to 73 healthcare-related data breaches reported to HHS this year, these high-profile breaches are a wake-up call that email security must be a top-priority initiative. So why haven’t companies made the investment to reverse this trend and deploy more secure email communications?
Understanding Email Security
Because of its ubiquity and inherent vulnerabilities, email is a popular vector for cyber attacks. These attacks can include:
- Malware, such as viruses, worms, Trojan horses, and spyware. When attacks using these vectors succeed, an attacker can take control of workstations or servers. This access can then be exploited to compromise otherwise secure information.
- Spam, which can be disruptive to worker productivity, and can also serve as a transportation method for malware.
- Phishing, which entails the use of computer or social engineering tricks to convince victims to disclose sensitive information, or to provide access to sensitive systems.
Email security is the set of methods used for keeping email correspondence and accounts safe from these attacks.
Best Practice Email Security: Healthcare
Healthcare organizations need to employ a three-pronged security approach. Gardiner explained that it starts with defensive tech, which is currently lagging behind the times. After, they should focus on their people.
“The security program hasn’t been a strong aspect with health providers as much as it has in financial services; it’s a training aspect,” said Gardiner. “Phishing exposes technology. And if your tech doesn’t catch it, then it’s up to the people.”
The third angle is the sophistication of business practices. Gardiner stressed that “if you’re weak in all three areas, the attack gets in, and there are no checks and balances…. Weaknesses in all three areas become exposed.”
Health organizations need to focus on general security controls, such as keeping sensitive data in fewer places, encrypting it at rest, access controls, patching, and the like. Gardiner explained that they should then pivot to phishing and ensure that their anti-phishing tools have been evaluated within the last year, as “the attacks and the tech have changed.”
LionsGate Can Help
Lions Gate Technology is able to close critical security gaps like no other Healthcare IT company. We deliver first class wireless network security solutions that free you from the worry over the safety of your practice. Our cybersecurity solutions are designed to provide a continual layer of security and compliance oversight for practices of all sizes based on their security needs.
Our Cybersecurity Services
- Identify and address weaknesses in all of your technology systems
- Comply with relevant data protection and other regulatory requirements
- Protect all your confidential client and patient information
- Help you securely process, transmit and store cloud-based records and data
- Ensure you comply with HIPAA, 201 CMR 17.00, SOX and other regulatory requirements
- Keep your data safe from viruses, malware, adware, and ransomware
- Wireless (WiFi) security
- Network security
- Email security (90% of ransomware is delivered via email)
- Mobile device security