Article
Cyber Security

Less than 1 in 10 European hospitals protected from phishing

By Vikki Davies
June 01, 2023
undefined mins
Hospitals are increasingly at risk of phishing.
Hospitals are increasingly at risk of phishing.
A new survey of European-based clinics and hospitals has revealed less than one in 10 institutions have correctly implemented basic phishing protection.

The new research by email security provider EasyDMARC reviewed the security policies of 2,000 clinics and hospitals based in Europe. It found that only 144, or 7.2% of the researched 2000 facilities, have correctly implemented and configured security policies to flag, report, and remove outbound phishing emails.

The survey reviewed the deployment of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard among European healthcare domains. First published in 2012, the DMARC standard enables the automatic flagging and removal of receiving emails which are impersonating senders’ domains, which is a crucial way to prevent outbound phishing and spoofing attempts.

EasyDMARC’s research found that only 32% of the reviewed domains had implemented the decade-old DMARC standard, of those institutions, only 144 (7.2%) had implemented a ‘reject’ policy that automatically rejects emails imitating a legitimate domain. More organizations that deployed DMARC had configured it to do nothing about impersonating emails, with 361 (18%) domains having no policy. 140 (7%) had configured DMARC to send impersonating emails into quarantine. Adoption is similar on the international stage, with DMARC adoption among the top 100 global clinics and hospitals sitting at 54%. 

Among the healthcare  institutions implementing DMARC in Europe, the research also highlights a failure to configure the standard once adopted adequately. For example, among the minority of domains tested that employ DMARC, 643 (32%) had incorrectly configured it. As a result, these organizations lacked visibility into any impersonating emails they received or blocked.

Gerasim Hovhannisyan, EasyDMARC CEO and co-founder says: “Impersonating email domains is one of the most effective ways cybercriminals bypass organizational cyber defenses through phishing, spoofing, and ransomware attacks. Far too many organizations are overlooking a vital tool in effectively preventing this present and persistent danger. 

“With stories of ransomware attacks increasingly dominating headlines, the apparent absence of domain authentication renders these organizations susceptible to breaches of highly sensitive, valuable and potentially costly data. Without the adoption of DMARC or similarly effective policies, the sector will continue to see an increase in cyber events and subsequent disruptions and losses.”

 

 

PhishingcyberattackCybersecurity
Share
Share
Author
Vikki Davies

Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI