- The Washington Times - Friday, June 16, 2017

Fewer than a third of the country’s largest hospitals are using an industry standard designed to safeguard systems against cybercriminals’ most common attack vectors, according to a new report.

A review of 98 of the nation’s biggest public and for-profit health care facilities found that only 28 have deployed Domain-based Message Authentication, Reporting and Conformance, or DMARC — a protocol meant to protect email systems against phishing attacks, spam and malware — the Global Cyber Alliance warned in a report Thursday.

The health care industry’s failure to implement the protocol more than five years after its introduction has essentially placed the security of their email systems in “critical condition,” according to the alliance, an assemblage of cybersecurity proponents founded in 2015 by the Manhattan District Attorney’s Office, among other agencies.

“As cyber threats mount against health care providers, deploying DMARC is an essential solution to protecting their patients’ data privacy,” said Philip Reitinger, a former U.S. Department of Homeland Security cyber expert and the alliance’s president.

When used effectively, DMARC can significantly limit the amount of spam and phishing emails received by a domain, essentially narrowing hackers’ options for infiltrating an organization.

“DMARC helps the health care industry prevent the worst type of malicious email from using the most common tactic,” said Jim Routh, chief security officer for health care provider Aetna. “DMARC improves the consumer digital experience by eliminating malicious emails from spoofed domains, increasing the level of trust that consumers have in email. The improvement in trust results in better health outcomes for consumers while also offering better protection of their health information.”

Only six of 50 of the nation’s largest public hospitals had deployed DMARC, while slightly fewer than half of for-profit facilities — 22 out of 48 — had the protocol in place, according to the report. In all, only one of the 98 hospitals had deployed DMARC in a manner that prevents spam from being delivered, the alliance said.

About 15 percent of last year’s major data breaches targeted health care organizations, Verizon reported in its annual Data Breach Investigative Report. Health care networks typically traffic in personally identifiable information like patient records, making them prime targets for identity thieves and other cybercriminals. The same report found that 66 percent of malware that made its way onto health care networks had been delivered through email.
