Hospitals aren't taking the necessary steps to protect email domains from phishing attacks, according to a Global Cyber Alliance survey.
For the survey, investigators examined whether the 50 largest public hospitals and the 50 largest for-profit hospitals in the U.S. had deployed the organization's free Domain-based Message Authentication, Reporting and Conformance, or DMARC, protocol. The DMARC protocol aims to help organizations prevent spam by providing an "identity check" on their email domains.
The investigators found six of the public hospitals protected their email domains, compared to 22 of the for-profit hospitals. However, these organizations only deployed DMARC in a limited capacity. Only one of the hospitals used DMARC in a way that would prevent spam from being delivered to an email inbox.
The investigators concluded 99 percent of the largest public and for-profit hospitals didn't adequately protect their email domains.
"In the end, not one of the one hundred hospitals scanned is experiencing the full benefits of DMARC implementation," according to the Global Cyber Alliance.