HIMSS Media, together with Mimecast, recently published research showing that over the previous 12 months, 90% of healthcare companies suffered at least one email-based threat. 72% experienced downtime as a result, and 25% said the attacks were quite or highly disruptive.
Healthcare companies are the leading target of cybercriminals because of the substantial volumes of personal and health data they hold, which can be used for various fraudulent activities. Email-based attacks are quick to execute because healthcare email security defenses are inadequate compared to other industries, and security awareness training is generally neglected.
The research, performed in November 2019, had 101 respondents who were substantially involved in email security at U.S. health systems and hospitals. 75% of respondents reported that they have or intend to launch a detailed cyber resilience program, yet only 56% said they already have such a program in place. When asked about their existing email security deployments, just 50% had a high level of confidence that their email security solution would block email-based threats.
When asked which email threats were the most troublesome, respondents answered as follows:
- 61% of participants answered that the faking of trusted providers
- 57% stated credential-harvesting phishing attacks were really
- 35% reported data leaks and threats initiated by cybercriminals stealing users' sign-in credentials
The principal losses resulting from the attacks were financial (17%), data (34%) and productivity (55%).
Email security tools can block nearly all threats, but just 79% of participants said they had deployed email security controls or were preparing to add them. Internet and cyberspace protection solutions were in place at just 64% of medical providers.
These technical measures are crucial, yet it is vital not to ignore the human element. Just 73% of surveyed companies regarded security awareness training as a vital component of their protection against email-related cyberattacks. This could in part be explained by the way training is delivered: 40% of participants said they provide security awareness training approximately quarterly, and only 27% deliver training yearly.
Given the volume of email-related attacks, it is disconcerting that 11% of participants said they carry out security awareness training less often than once per year, only during onboarding, or only after a major event such as a data breach or phishing attack.
To be better prepared, information technology and security specialists need to strengthen their email security by pairing the best technical controls with a well-trained workforce and robust business processes to prevent disruption from email-based attacks.