Impersonation Attacks Are of Concern to 98 Percent of Large Health Care Companies, Study Finds
Valimail, the world’s leader in automating email authentication, recently released an original research report on the email authentication preparedness of the global healthcare industry. Valimail found that the overwhelming majority of large health organizations are susceptible to “spoofing” of their own email domains, also known as impersonation attacks, which are a leading vector for cyberattacks.
Valimail analyzed the primary domains for 928 health care companies around the world (including hospitals, medical equipment & supply makers, pharmaceutical manufacturers, pharmacies, and physicians/health practitioners) with revenues of at least $300 million annually. Valimail found that 121 of these companies (13 percent) have begun to protect themselves by using Domain-based Message Authentication, Reporting and Conformance (DMARC), which detects and prevents email spoofing.
As in other industries studied by Valimail, fewer than 15 percent of health care companies that deploy DMARC succeed in getting to enforcement (a DMARC setting that actually protects domains against impersonation attacks), so the overall rate of enforcement in global health care is 1.7 percent.
“Email impersonation is a serious threat, so we applaud the health care leaders and organizations making it a top priority,” said Valimail CEO and co-founder Alexander García-Tobar. “With 80% failure rates, successful deployment of DMARC — known as enforcement — is clearly a challenge for all companies using manual authentication approaches, not just those in health care. The data furthermore supports our view that full automation is the most efficient and reliable approach to attain and maintain enforcement.”
Other findings from the report include:
- Global health care companies have largely embraced the older Sender Policy Framework (SPF) standard, with almost 60 percent of these companies using SPF
- Health care companies attempting DMARC have substantially higher annual revenues than those that aren’t attempting it ($8.4 billion vs. $1.6 billion), suggesting DMARC implementation is a resource issue for smaller companies
- Australia, India, and France have higher rates of DMARC usage among health care companies than most other countries
- Hackers and fraudsters can easily impersonate health care companies that lack DMARC at enforcement, putting protected health information (PHI) at risk