Healthcare emails are far from secure, according to a new study by Agari.
The study found, for example, that 98% of the top healthcare companies have failed to protect their customers and business partners from phishing. And not many are utilizing Domain-based Message Authentication, Reporting and Conformance (DMARC).
Agari analyzed the DMARC authentication posture of 549 large firms in the healthcare and pharmaceuticals fields.
It found that:
- Healthcare is the most targeted sector, and 92% of domains have carried fraudulent email.
- Healthcare organizations lag in DMARC adoption — 77% do not utilize it. And of those that do, only two have enforcement-based policies to protect customers from getting fraudulent emails. However, while the percentage is low, there has been an 85% increase in enforcement.
- Of the companies surveyed, 21% have a none (monitor) policy, allowing them to monitor, if not prevent, authentication abuse.
- Agari estimates that 98% of healthcare operators are vulnerable to digital deception. This leaves customers exposed to phishing and fraud, the company says.
- A mere 1% have a quarantine policy, which redirects messages failing authentication to a spam folder, and the same percentage has a reject policy to block such messages.
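
The policy levels in the list above (no DMARC, none/monitor, quarantine, reject) can be read straight from a domain's `_dmarc` TXT record. The following is an added example, not code from Agari or the study: it classifies records into those postures and flags enforcement that `pct` limits to a share of mail. The domains, records and label names are constructed for illustration.

```python
from collections import Counter

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    if not parts:
        return None
    # RFC 7489: the first tag must be v=DMARC1 (the value is case-sensitive).
    name, _, value = parts[0].partition("=")
    if name.strip().lower() != "v" or value.strip() != "DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # skip fragments that are not tag=value
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt):
    """Map one TXT record (or None when the lookup found nothing) to a posture."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    if policy == "none":
        return "monitor"      # reports only; failing mail is still delivered
    if policy not in ENFORCING:
        return "invalid"      # missing or unrecognised p= value
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100             # unparsable pct falls back to the default
    # pct below 100 applies the policy to only part of the failing mail.
    return policy if pct >= 100 else policy + "-partial"

def summarize(records):
    """Count postures across a {domain: txt_record_or_None} mapping."""
    return Counter(classify(txt) for txt in records.values())

# Constructed sample data (reserved .example domains), not study results.
SAMPLE = {
    "clinic.example": None,
    "spfonly.example": "v=spf1 -all",
    "pharma.example": "v=DMARC1; p=none; rua=mailto:dmarc@pharma.example",
    "hospital.example": "v=DMARC1; p=quarantine; pct=100",
    "insurer.example": "v=DMARC1; p=reject",
    "lab.example": "v=DMARC1; p=reject; pct=25",
}

if __name__ == "__main__":
    for posture, count in summarize(SAMPLE).most_common():
        print(f"{posture:18} {count}")
```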