Healthcare group calls for tight security protocols amid fraud in healthcare emails

The National Health Information Sharing and Analysis Center is joining the Global Cybersecurity Alliance and Agari, a cybersecurity firm, in urging healthcare organizations to combat email fraud by enhancing their email security practices in 2018.

The push follows the groups' publication of a security research report that found the healthcare industry is most vulnerable to email fraud, with 57 percent of emails "from" the healthcare industry being fraudulent or unauthenticated.

NH-ISAC, an organization that focuses on sharing information relating to cybersecurity threats in the healthcare sector, is calling on its member organizations to commit to the Domain-based Message Authentication, Reporting & Conformance protocol by 2018. DMARC is an email security method used to authenticate emails. This protocol double-checks that each message was actually sent by its listed sender to prevent phishing and spoofing. 

According to the report, titled "Agari Industry DMARC Adoption Report for Healthcare," 98 percent of top healthcare providers have not implemented enforcement policies for DMARC.

During the past six months, 92 percent of healthcare domains have been targeted by fraudulent email, and NH-ISAC, as well as other agencies, like the Department of Homeland Security, say DMARC is one way organizations can help combat this. In fact, DHS issued a directive in October mandating federal agencies adopt the protocol in 90 days.

Other healthcare companies, like insurer Aetna, have followed suit.

"The implementation of DMARC for Aetna improved the consumer experience by eliminating unwanted and fraudulent email which reduced the risk of phishing, resulting in more email engagement and healthier lives for members," said Jim Routh, chief security officer for Aetna.

"Organizations that have deployed DMARC have seen significant lift in email click-through rate, as they minimize the phishing and spam emails that erode trust in their brand," said Patrick Peterson, founder and executive chairman of Agari. "By heeding the guidance of NH-ISAC leaders, healthcare companies will improve security for themselves, their healthcare providers and their patients. Successful DMARC implementations from Aetna, Blue Shield of California and Spectrum Health are leading the way for other healthcare industry organizations to restore trust in communications."

More articles on cybersecurity:

North Carolina DHHS sends unencrypted email containing 6k employee applicants' drug screening data to vendor

IBM hits quantum computing milestone

AMA, Harvard Health Publishing 'pause' partnerships with Outcome Health

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months