New research reveals healthcare providers consider email a top attack vector
78% Surveyed experienced malware or ransomware attacks
Watertown, MA – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, announced today the results of a Mimecast study conducted by HIMSS Analytics that revealed that U.S. healthcare providers overwhelmingly rank email as the number-one source of a potential data breach. Alarmingly, 78 percent of respondents have already experienced an email-related cyberattack in the form of ransomware or malware, or both, in the past 12 months – in many cases with more than a dozen instances. Not surprisingly, based on these findings, 87 percent expect email-related security threats to increase or significantly increase in the future.
Reflecting recent high-profile attacks, such as WannaCry and Petya, which in some cases shut down entire hospital operations, 83 percent of respondents say ransomware is the most concerning type of email-related threat, followed by other sophisticated threats in this order: malware, targeted attacks such as spear-phishing, and business email compromise.
Further, 97 percent of healthcare providers have a high level of concern about cybersecurity and resilience. Defined by the Cyber Resilience Think Tank as, “an organization’s capacity to adapt and respond to adverse cyber events – whether the events are external or internal, malicious or unintentional – in ways that maintain the confidentiality, integrity and availability of whatever data and service are important to the organization,” resilience is a key initiative for 2018.
The vast majority of respondents, 93 percent, rate email as mission critical to their organization – and almost half cannot live with email downtime. Additionally, four out of five respondents said they use email to send Protected Health Information (PHI), making it important to ensure the appropriate safeguards are in place to protect sensitive patient data and demonstrate compliance with security and privacy regulations such as HIPAA.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats. As the first study by HIMSS on the role of email in cybersecurity and resilience, this research provides new guidance to the industry as we head into 2018,” said Bryan Fiekers, Sr. Director, HIMSS Analytics.
Fortunately, these same organizations are working on a variety of initiatives to build their cyber resilience strategy. The top three resilience initiatives are preventing attacks (94 percent), training employees (90 percent), and securing email (77 percent).
“This survey clearly demonstrates that email is a mission-critical application for healthcare providers and that cyberthreats are real and growing – surprisingly, even more so than the threats to Electronic Medical Records (EMRs), laptops and other portable electronic devices. It’s encouraging that protecting the organization and training employees are top initiatives for next year, but the survey suggests the industry has work to do,” said David Hood, Cyber Resilience Strategist, Healthcare, Mimecast.
Mimecast Top Five Tips for Better Email Security based on research:
- Train Employees on the Risks Inherent in Email: Real-time reminders are better than annual training.
- Analyze Inbound Attachments: With multiple AV engines, safe file conversion and behavioral sandboxing.
- Apply URL Checking: At the time a user clicks, not when it enters the organization.
- Inspect Outbound Emails: For protected health information, other sensitive content and threats.
- Increase Cyber Resilience: Against ransomware and other sources of data destruction with backup capabilities and continuity solutions.
The highlights of this analysis are featured in the blog post titled, “Healthcare Provider Survey Finds Email Most Likely Source of Data Breach.”
The research examined perspectives from 76 IT professionals responsible for information security representing a variety of healthcare provider facilities. The survey is the first of its kind by HIMSS to explores the opinions, events, concerns and practices on the state of cyber security with a focus on the role of email-related threats.
Mimecast (NASDAQ: MIME) makes business email and data safer for 28,200 customers and their millions of employees worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.
Mimecast Social Media Resources
We welcome the opportunity to engage with the press and talk about our work and our industry.
Public Relations Manager, North America
+1 (617) 393 7122
UK & Europe
Senior PR & Communications Manager
+44 (0)207 847 8700
Africa, Middle East, India & Asia Pacific
PR & Communications Manager
+27 11 722 3700