In a new study, 78 percent of healthcare providers say they have experienced email-related cyberattacks in the form of ransomware, malware or both in the past 12 months.
The study, conducted by Mimecast and HIMSS Analytics, examined 76 senior information technology professionals responsible for information security at various sized healthcare facilities.
Of the 76 IT professionals, 87 percent say they expect email-related security threats to increase significantly in the future.
Eighty-three percent say ransomware is the most concerning type of email-related threat and four out of five respondents say they use email to send Protected Health Information (PHI).
“This survey clearly demonstrates that email is a mission-critical application for healthcare providers and that cyberthreats are real and growing – surprisingly, even more so than the threats to Electronic Medical Records (EMRs), laptops and other portable electronic devices,” says Mimecast healthcare cyber resilience strategist David Hood.
Other concerns of respondents include malware, targeted attacks such as spear-phishing and business email compromise.
Some other key findings from the study include:
- Eighty-eight percent say they perform cybersecurity assessments at least once yearly. Of the 88 percent, 43 percent conduct them at least once a year, 16 percent conduct them quarterly and 18 percent conduct them monthly.
- Two-thirds say they include email in their assessments, one-third sometimes include email and 2.5 percent never include email or are unaware if they do.
- The top three cyber resilience strategies being taken by the respondents include preventing attacks (94 percent), training employees (90 percent) and securing email (77 percent), reports Health IT Security.
While the survey indicated large organizations have experienced more attacks in the past 12 months, they were more likely to include email in their cybersecurity assessment.
Of the organizations surveyed, 63 percent of large facilities have experienced both malware and ransomware in the last year, compared to 24 percent of intermediate facilities and 22 percent of small facilities.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats,” says HIMSS Analytics senior director Bryan Fiekers.
Based on its research, Mimecast says these five tips are the best ways to improve email security:
- Train employees on the risks inherent in email: real-time reminders are better than annual training.
- Analyze inbound attachments: with multiple AV engines, safe file conversion and behavioral sandboxing.
- Apply URL checking: at the time a user clicks, not when it enters the organization.
- Inspect outbound emails: for protected health information, other sensitive content and threats.
- Increase cyber resilience: against ransomware and other sources of data destruction with backup capabilities and continuity solutions.