Healthcare providers, the holders of some of the most sensitive possible data on consumers, rank email as their worst cyber security threat, according to a study from Mimecast Ltd., conducted by HIMSS Analytics.
Of 76 IT professionals surveyed, 78% say their employers have suffered an email-related attack in the last 12 months -- some more than a dozen times. Worse, entire hospital operations have been shut down by WannaCry and Petya attacks delivered by email.
Thus, it is no surprise that 37% rank email as the No. 1 source of data breaches -- more than all the other threats combined -- and that this fear is “unequivocal,” writes David Hood, director, technology marketing for Mimecast, in a blog post on the results.
Next are laptops and other portable electronic devices, followed by paper/films and electronic medical records. Desktops rank near the bottom, and network servers are last.
The most common type of threat -- cited by 83% -- is ransomware, followed by malware, spear phishing and business email compromise.
Overall, 87% expect email-related security threats to increase. And 97% are concerned about cyber security in general.
They have reason to feel vulnerable: Roughly 80% use email to send patient healthcare information. And they are governed by HIPAA, a strict medical privacy law.
Email is critical to 90% of these organizations. And 43% say email is mission-critical, and that they cannot tolerate downtime.
All this points to a need for encryption solutions, the study notes.
So what are these providers doing to fight cyber crime?
Of those polled, 94% are working on initiatives to prevent attacks, 90% are conducting employee training and 77% are securing their email. Large percentages are also performing periodic cyber security audits, creating standard security policies and building enhanced network security.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks,” states Bryan Fiekers, senior director, HIMSS Analytics.
He adds that “while the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats.”
It is critical to ensure the appropriate safeguards are in place to protect sensitive patient data and demonstrate compliance with security and privacy regulations such as HIPAA.
Hood offers these tips for providers worried about data security:
- Train employees about the risks inherent in email
- Analyze inbound attachments
- Apply URL checking
- Inspect outbound emails for protected health information
Mimecast is an email and data security company.