Email-related cyberattacks hit 78 percent of providers says survey

by John R. Fischer, Senior Reporter | December 22, 2017
Cyber Security Health IT
78 percent of providers have experienced
email-related cyberattacks in the
last 12 months, according to
a Mimecast survey
Around 78 percent of providers have experienced email-related cyberattacks in the past 12 months, with more than a dozen instances taking place in many cases.

That is just one of the many figures listed in the Mimecast Limited study by HIMMS Analytics, which found that U.S. health care providers rate email as the most at risk for potential data breaches.

“Everything you can do with an email can be used as part of an attack,” David Hood, cyber resilience strategist for health care at Mimecast, told HCB News. “Attachments can be unsafe, links can be unsafe. Even the words in an email can be unsafe in the case of impersonation attack that looks like it’s coming from someone at the organization but really originates externally.”

About 93 percent of respondents rated email as “mission critical” for the running of their organizations with almost half saying they could not afford the occurrence of email downtime. In addition, four of five respondents use email for the delivery of protected health information.

Yet 87 percent expect email-related security attacks to significantly grow, or at least rise, in the future. Eighty-three percent specified ransomware as the most concerning in light of recent cases, such as "Wanna Cry" and "Petya", in which some hospital operations experienced complete shutdowns. A recent RSNA presentation reported an increase from $24 million to $1 billion in revenue incurred from such attacks.

The survey based its research on the perspectives of 76 IT professionals who oversee information security in a variety of health care provider facilities, finding high levels of concern over the state of cybersecurity and resilience expressed by 97 percent of respondents.

It also found large providers to be the hardest hit with attacks.

Yet it is those same providers that are leading the industry in developing the best tactics for addressing these threats, with many building up cyber resilience, the top three areas of which include attack prevention (94 percent), staff training (90 percent) and email security (77 percent).

“The ideal scenario is to provide training to employees to create a human firewall at the provider organization, and couple that with technology that provides an additional layer of security,” said Hood. “Ultimately, an organization needs to react to where the threats are coming from. Having systems capable of sharing data across different channels, for example, across email security and the firewall, will ultimately lead to better protection and prepare them as attackers shift tactics. Organizations need to have a resilience plan in place that will allow operations to continue while an assessment is performed and contingency plans are executed. In the event that data is compromised, as in ransomware, having appropriate information backed up and the ability to recover that data are key.”

The survey is a first-of-its-kind for HIMSS on email-related attacks in cybersecurity and resilience, and it ultimately found that no provider is immune to them, but that with the right measures in place, can reduce their numbers and combat them when they occur.

You Must Be Logged In To Post A Comment