A recent Mimecast-sponsored survey conducted by HIMSS Analytics has shown that healthcare providers believe email to be a main attack vector used by cybercriminals to gain access to data and healthcare networks.
Email was rated as the most likely attack vector that would lead to a data breach, and such attacks are not just theoretical. 78% of survey respondents said they had experienced an email-based cyberattack in the past 12 months, such as an attack that attempted to deliver ransomware or malware. Some of the respondents said they had experienced more than a dozen such attacks in the past year.
Considering how effective email-based attacks are at gaining access to healthcare networks, it is no surprise that 87% of survey respondents expect email-based attacks to increase or significantly increase in the future.
Malware and phishing attacks are major threats, but by far the biggest threat is seen to be ransomware. The healthcare industry has been targeted by cybercriminals using ransomware to encrypt patient data and prevent doctors from being able to access patient records. 87% of respondents saw ransomware as the biggest threat to arrive via email. 97% of respondents were highly concerned about cybersecurity and their ability to block cyberattacks, especially email-based attacks.
93% of respondents said email was mission critical to their organization, with almost half of respondents saying they could not cope with email downtime. Email is used to send patient health information to internal staff and other providers. Since HIPAA Rules require all protected health information to be safeguarded at all times, and there are major fines for HIPAA failures, securing email is of major importance.
Respondents were asked about the initiatives they had in place to improve their resilience to cyberattacks. The main three initiatives were preventing attacks (94% of respondents), employee security awareness training (90% of respondents), and securing email (77% of respondents).
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks,” said Bryan Fiekers, Sr, Director, HIMSS Analytics. “While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats.”