U.S. Hospital Email Security Lacking, Researchers Say

New research released by the Global Cyber Alliance (GCA) reveals that American healthcare providers have incredibly low adoption rates of Domain-based Message Authentication, Reporting and Conformance (DMARC), an email protocol that can protect brands from impersonation attacks. 

Email authentication and deliverability form an extremely technical realm of email marketing, with acronyms that can confuse even a veteran marketer. SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are traditional email protocols that authenticate the sender and increase deliverability, but DMARC is a newer protocol that substantially improves email security as well.

DMARC is an email authentication and reporting protocol that builds on SPF and DKIM, making it easier to identify spam and phishing messages.

The lack of DMARC implementation in the healthcare industry is particularly concerning, considering the plethora of confidential information that healthcare providers have access to, including social security numbers, financial data, and health history.



Not a single hospital analyzed by GCA was determined to be experiencing the full benefits of DMARC.

Only six out of the nation’s 50 largest public hospitals are protecting their email domains from being hijacked by cybercriminals, according to GCA’s report. Furthermore, at least half of the top 48 for-profit hospitals have not deployed the DMARC protocol to defend against phishing attacks.

Only one hospital currently using DMARC has it deployed at a level that prevents spam from being delivered into the inbox, according to GCA. Twenty-seven other hospitals have implemented DMARC, but they only monitor emails instead of stopping suspicious content.
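The gap between monitoring and blocking comes down to the policy published in a domain's DMARC record. The following is an added example, not part of GCA's research or the original article, that classifies a domain's DMARC TXT records by enforcement level. The tag names (`v`, `p`, `pct`) come from RFC 7489; the domains and records are constructed placeholders, and the level names are this example's own.

```python
# Added example: classify a domain's DMARC TXT records by enforcement level.
# Tag names (v, p, pct) are from RFC 7489; the records below are constructed.

def parse_dmarc(txt):
    """Return the tag dict for one TXT string, or None if it is not DMARC."""
    # The version tag must come first for the string to count as a DMARC record.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return 'missing', 'invalid', 'monitor', 'partial' or 'enforcing'."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid"      # several DMARC records: receivers apply none
    policy = records[0].get("p", "").lower()
    if policy == "none":
        return "monitor"      # reports are sent, failing mail is still delivered
    if policy not in ("quarantine", "reject"):
        return "invalid"      # no usable policy, so nothing is enforced
    try:
        pct = int(records[0].get("pct", "100"))
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    return "enforcing" if pct == 100 else "partial"

# Constructed TXT answers for _dmarc.<domain>; the domains are placeholders.
SAMPLES = {
    "hospital-a.example": [],
    "hospital-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@hospital-b.example"],
    "hospital-c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "hospital-d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hospital-d.example"],
    "hospital-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def survey(samples):
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, level in survey(SAMPLES).items():
        print(f"{domain:20} {level}")
```

Only the "enforcing" result corresponds to a deployment that keeps failing mail out of the inbox; "monitor" matches the reporting-only deployments described above.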

"As cyber threats mount against healthcare providers, deploying DMARC is an essential solution to protecting their patients' data privacy," states Philip Reitinger, president and CEO of GCA. "The protocol has been proven effective, and deployment can reasonably be done by organizations of all sizes, making it an invaluable resource for hospitals who need to protect their patients' digital health. I strongly encourage healthcare organizations to use this protocol to its fullest capacity."

Considering the 400% increase in impersonation attacks quarter-over-quarter, per a recent Mimecast security report, every company should be placing DMARC high on their priority list. 
