Healthcare Field Lags In DMARC Adoption: Study

Healthcare emails are far from secure, according to a new study by Agari. 

The study found, for example, that 98% of the top healthcare companies have failed to protect their customers and business partners from phishing. And not many are utilizing Domain-based Message Authentication, Reporting and Conformance (DMARC).

Agari analyzed the DMARC authentication posture of 549 large firms in the healthcare and pharmaceuticals fields.

It found that:

  • Healthcare is the most targeted sector, and 92% of domains have carried fraudulent email.
  • Healthcare organizations lag in DMARC adoption: 77% do not utilize it. And of those that do, only two have enforcement-based policies to protect customers from getting fraudulent emails. However, while the percentage is low, there has been an 85% increase in enforcement.
  • Of the companies surveyed, 21% have a none (monitor) policy, allowing them to monitor, if not prevent, authentication abuse.  
  • Agari estimates that 98% of healthcare operators are vulnerable to digital deception. This leaves customers exposed to phishing and fraud, the company says.
  • A mere 1% have a quarantine policy, which redirects messages failing authentication to a spam folder, and the same percentage has a reject policy to block such messages.