Healthcare’s Email Problem: Insider Threats, Data Retention, Phishing

Email is a crucial communication tool, but as insider threats remain the biggest risk, healthcare must address key problem areas like data retention and phishing defenses to reduce risks.

Reports consistently highlight the risk of vulnerability exploits and ransomware to healthcare. But email is often the key access point in these attacks, through phishing and stolen credentials. As insiders remain a leading threat, it’s paramount for providers to better understand the email problem, as well as the best ways to improve training and reduce the risk of compromised data.

Security incidents reported to the Department of Health and Human Services (HHS) and previous Mimecast-HIMSS Media data show healthcare’s email defenses lag behind other industries. In 2019 alone, 72 percent of providers reported experiencing an email-based cyberattack.

In fact, the Verizon Data Breach Investigations Report consistently names insiders as the largest threat to healthcare.

Of HHS’ ongoing breach investigations, at least 40 percent are tied to email. And each year, multiple email hacks impact the data of both former and current patients; some have even impacted data more than a year old.

In May 2020, a month-long hack of an employee email account impacted the data of 78,070 National Cardiovascular Partners patients. Recently, Total Health Care Plan began notifying 221,450 patients that their data was compromised after several employee email accounts were hacked.

In the last year, similar events were reported by American Medical Tech, Cano Health, EyeMed, and Einstein Healthcare, among a host of others.

“Healthcare is an interesting, dynamic area: they’re operating with small- and medium-sized budgets, but they’re in need of enterprise security,” said Fortified Health Security CEO Dan L. Dodson. “It doesn’t matter the environment, the challenge exists for all providers.”

“To be effective, they have to make sure they’re not only deploying capital to provide safeguards, but also doing the things that aren’t expensive,” he continued. “Often we look for the next shiny object or silver bullet to solve the problem, when in reality it doesn’t exist. We need to do blocking and tackling—and that doesn’t cost a lot of capital.”
