Healthcare Industry Lagging in DMARC Implementation
Insufficient DMARC Protection in UAE and South African Hospitals
According to a recent analysis by cybersecurity firm Proofpoint, approximately 75% of hospitals in the United Arab Emirates (UAE) and South Africa have not implemented the strongest form of the Domain-based Message Authentication, Reporting and Conformance (DMARC) email validation protocol. DMARC is a critical tool for preventing email fraud and protecting sensitive patient data. The analysis revealed that only 28% of hospitals in these regions have adopted the recommended level of DMARC protection, known as “reject.” The remaining hospitals have either chosen the lower levels of protection, such as “monitor” or “quarantine,” or have not taken any steps to protect against fraudulent emails.
This lack of DMARC implementation is concerning, particularly given the healthcare industry’s increasing vulnerability to cybercriminals. With hospitals holding a wealth of sensitive patient information, they have become prime targets for ransomware attacks. Emile Abou Saleh, the regional director for the Middle East and Africa at Proofpoint, emphasizes the need for a comprehensive security strategy to protect the future of the healthcare sector in the UAE and South Africa. This issue has been recognized as a priority area under the respective national agendas of both countries.
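The policy levels named in the analysis map to the `p=` tag of a domain's DMARC record, where "monitor" corresponds to `p=none`. The following is an added example, not part of the original article or Proofpoint's methodology, showing how an email administrator could grade a domain's published record. It assumes the TXT records at `_dmarc.<domain>` have already been fetched, and the function names and sample records are constructed for illustration.

```python
# Added example: grade DMARC TXT records by the policy levels the article names.
# Function names, records and domains are constructed, not survey data.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    tags = []
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.append((name.strip().lower(), value.strip()))
    return tags


def grade(txt_records):
    """Return (level, pct) for the TXT records published at _dmarc.<domain>."""
    parsed = [parse_tags(r) for r in txt_records]
    # Only records that start with v=DMARC1 count. RFC 7489 applies no policy
    # when there is none, or when more than one is published.
    dmarc = [dict(t) for t in parsed if t and t[0] == ("v", "DMARC1")]
    if len(dmarc) != 1:
        return ("unprotected", 0)
    tags = dmarc[0]
    policy = tags.get("p", "").lower()
    if policy not in LEVELS:
        # RFC 7489 6.6.3: an invalid p is treated as p=none if rua is present
        # (simplified here: the rua URI syntax is not validated).
        if not tags.get("rua"):
            return ("unprotected", 0)
        policy = "none"
    # pct defaults to 100; a lower value applies p to only a share of failures.
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isascii() and pct.isdigit() and int(pct) <= 100 else 100
    return (LEVELS[policy], pct)


SAMPLES = {  # constructed records for placeholder domains
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=quarantine; pct=25"],
    "c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@c.example"],
    "d.example": ["v=spf1 -all"],  # SPF only, no DMARC record
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, grade(records))
```

A domain only counts as fully at the "reject" level when the result is `("reject", 100)`; a typo in the `p=` value silently downgrades the domain to monitoring or to no protection at all.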
Reasons for Low DMARC Adoption in the Healthcare Industry
The adoption of DMARC in the healthcare industry remains around 25%, and there are several reasons for this low implementation rate. Firstly, DMARC implementation can be complex, particularly in medium to large health systems. It requires coordination among multiple departments, careful configuration of email servers, and ongoing monitoring and management. This complexity poses challenges for healthcare organizations, especially considering the staffing limitations experienced by the industry, particularly in IT and information security departments.
Furthermore, resource limitations play a significant role in hindering effective DMARC implementation. Dedicated cybersecurity resources are often necessary to ensure the successful adoption and maintenance of DMARC, but these resources are scarce in the healthcare industry. The COVID-19 pandemic has further exacerbated these resource limitations, as healthcare organizations had to redirect their focus and resources to address the immediate challenges of the crisis. The rapid shift to remote work and the disruption of elective surgeries, which are highly profitable for healthcare institutions, further strained resources and attention.
Ryan Witt, healthcare cybersecurity leader at Proofpoint, emphasizes the need for increased investment in securing health systems. He highlights that cyber events can directly impact patient care, causing delays in procedures, unavailability of patient records, increased treatment complications, and the need to transfer patients to different care facilities. Hospital executives are increasingly recognizing the importance of cybersecurity as a core component of patient care and are realizing that additional investment is needed to fortify their health systems.
Improving DMARC Adoption in Healthcare Organizations
There are options available to assist healthcare organizations in improving their DMARC implementation. One such resource is the Health Information Sharing and Analysis Center (H-ISAC), which has been advocating for the adoption of DMARC as a fundamental security control in the healthcare industry. This organization can provide guidance and support to healthcare organizations looking to strengthen their email security.
Additionally, the US Department of Health and Human Services offers a best-practices document for cybersecurity preparedness through its 405(d) program. This document emphasizes the importance of DMARC in safeguarding against cyberattacks in healthcare. Healthcare organizations can leverage this resource to develop robust cybersecurity strategies, including the implementation of DMARC.
Conclusion
The low adoption of DMARC in the healthcare industry, particularly in hospitals within the UAE and South Africa, is a cause for concern. It exposes these institutions and their sensitive patient data to the risk of cyberattacks and email fraud. Healthcare organizations must prioritize the implementation of DMARC as part of their broader security strategies. The complexity of implementation and resource limitations pose challenges, but organizations can seek assistance from industry organizations and governmental programs to improve their email security posture. It is crucial that healthcare executives recognize the direct impact cyber events can have on patient care and invest in the necessary resources to secure their health systems effectively.