Fewer than one in 10 European clinics and hospitals have adequate protection from phishing and spoofing, putting highly sensitive data at risk of ransomware attacks, according to new research.
Only 144 (7.2%) of the 2,000 healthcare facilities included in the research by email security provider EasyDMARC were found to have correctly implemented and configured security policies to flag, report and remove outbound phishing emails.
Some 645 (32%) of the organisations had implemented the domain-based message authentication, reporting and conformance (DMARC) standard, established in 2012. The standard lets receiving mail systems automatically flag and remove incoming emails that impersonate the sender's domain.
A total of 361 organisations (18%) had implemented DMARC but had not configured it to act on impersonating emails, while 140 (7%) had configured it to send such emails to quarantine. As a result, these organisations lacked visibility into any phishing or impersonating emails received or blocked.
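The posture categories the research distinguishes (no DMARC, implemented but not enforcing, quarantine, reject, and whether reporting is configured) can be read directly from a domain's `_dmarc` TXT record. The following added example, which is not code from the research or from EasyDMARC, classifies a set of constructed records into those categories; the domain names and records are made up for illustration.

```python
# Constructed sample DMARC TXT records (example domains, not from the research).
SAMPLE_RECORDS = {
    "clinic-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@clinic-a.example; pct=100",
    "clinic-b.example": "v=DMARC1; p=quarantine; pct=50",
    "clinic-c.example": "v=DMARC1; p=none; rua=mailto:reports@clinic-c.example",
    "clinic-d.example": None,  # no _dmarc TXT record published at all
    "clinic-e.example": "v=spf1 include:_spf.example -all",  # SPF record, not DMARC
}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The record must open with v=DMARC1 to count as DMARC at all.
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def classify(record):
    """Map one record onto the posture categories used in the article."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no DMARC"
    policy = tags.get("p", "").lower()
    if policy == "reject":
        label = "enforcing (reject)"
    elif policy == "quarantine":
        label = "quarantine"
        if tags.get("pct", "100") != "100":  # pct<100 applies policy to a sample only
            label += f" (pct={tags['pct']}, partial)"
    elif policy == "none":
        label = "monitor only (p=none)"
    else:
        label = "invalid policy"
    # Without rua/ruf the domain owner receives no reports: no visibility.
    if "rua" not in tags and "ruf" not in tags:
        label += ", no reporting (no visibility)"
    return label


def audit(records):
    """Classify every domain in a {domain: record} mapping."""
    return {domain: classify(rec) for domain, rec in records.items()}
```

Running `audit(SAMPLE_RECORDS)` shows that a record can be present yet still leave the owner blind to abuse, which is the distinction the research draws between "implemented" and "configured".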
Susceptible to breaches of sensitive data
Commenting on the research, Gerasim Hovhannisyan, EasyDMARC CEO and co-founder, said: ‘Impersonating email domains is one of the most effective ways cybercriminals bypass organisational cyber defences through phishing, spoofing, and ransomware attacks. Far too many organisations are overlooking a vital tool in effectively preventing this present and persistent danger.
‘With stories of ransomware attacks increasingly dominating headlines, the apparent absence of domain authentication renders these organisations susceptible to breaches of highly sensitive, valuable and potentially costly data. Without the adoption of DMARC or similarly effective policies, the sector will continue to see an increase in cyber events and subsequent disruptions and losses.’
Internationally, 54% of the top 100 global clinics and hospitals have adopted and implemented DMARC.