New Research: Healthcare Company Emails Put Patients at Risk

Posted by Estelle Derouet on

In a recent study, Return Path found that only 12% of the top healthcare brands in the US are being proactive when it comes to protecting their customers, brand reputation, and bottom line from email attacks. This is especially troubling given how heavily the healthcare industry is targeted by cybercriminals.

Medical data, worth 10 times more than a credit card number on the black market, is extremely valuable to fraudsters. The average payout for a medical identity theft is about $20,000, compared to $2,000 for a regular identity theft, according to RSA.

Greater value means more attacks. Just consider these stats:

Phishers often capitalize on the breaking news of a massive data breach. Anthem, for instance, experienced a flood of phishing scams targeting their customers just hours after they publicly announced the data breach we are now all familiar with.


Healthcare companies can’t rely on unsuspecting customers to spot fraudulent emails like these; 97% of people around the globe cannot identify a sophisticated phishing message.

But healthcare companies can prevent these malicious emails from ever reaching their customers’ inboxes in the first place. The problem is, they’re not.

Only 12% of top US healthcare brands are securing email
Return Path analyzed 1,192,786 total messages from 40 of the top healthcare brands in North America, looking specifically at email authentication standard implementation for SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication Reporting and Conformance).

79% of the messages we analyzed did not have an SPF record published for the primary sending domains, which means fraudsters can use those domains to send malicious messages to unsuspecting customers. Of those that did have an SPF record, only 21% passed SPF, which indicates that these brands lack visibility and control over their email authentication and/or that emails are being sent from IP addresses not authorized by the brand.

Only 12%—five out of the 40 brands—had implemented a DMARC record. This means cybercriminals can spoof any owned sending domain not protected by DMARC in the “From” field, tricking customers into giving up confidential personal and health information.
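To check a sending domain for the two gaps described above (no published SPF record, no DMARC record), the Python below classifies the TXT records a domain publishes. It is an added example, not Return Path's methodology or tooling; the domain names and TXT strings are constructed placeholders, and a live audit would fetch the same strings from DNS (the domain itself for SPF, `_dmarc.<domain>` for DMARC).

```python
# Constructed TXT answers standing in for DNS; all names are placeholders.
SAMPLE_DNS = {
    "clinic.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all"],
    "_dmarc.clinic.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@clinic.example"],
    "insurer.example": ["site-verification=abc", "v=spf1 include:_spf.mailer.example ~all"],
    "_dmarc.insurer.example": ["v=DMARC1; p=none; rua=mailto:dmarc@insurer.example"],
    "pharmacy.example": ["site-verification=xyz"],  # no SPF, no DMARC
}

SPF_ALL = {"-all": "hardfail", "~all": "softfail", "?all": "neutral",
           "+all": "allow-any", "all": "allow-any"}

def spf_posture(txt):
    """Classify the SPF record among a domain's TXT strings."""
    records = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid-multiple"  # RFC 7208: more than one SPF record is a permanent error
    for term in records[0].lower().split()[1:]:
        if term in SPF_ALL:
            return SPF_ALL[term]
    return "no-all"  # no "all" term; include/redirect targets are not followed here

def dmarc_policy(txt):
    """Return the requested DMARC policy from the TXT strings at _dmarc.<domain>."""
    records = [r for r in txt if "".join(r.split(";")[0].split()) == "v=DMARC1"]
    if len(records) != 1:
        return "missing"  # zero or several records: receivers apply no DMARC policy
    tags = {}
    for part in records[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    return policy if policy in ("none", "quarantine", "reject") else "invalid"

def audit(domain, dns=SAMPLE_DNS):
    """Summarise whether the domain's From address is protected against spoofing."""
    spf = spf_posture(dns.get(domain, []))
    dmarc = dmarc_policy(dns.get("_dmarc." + domain, []))
    return {"domain": domain, "spf": spf, "dmarc": dmarc,
            "from_protected": dmarc in ("quarantine", "reject")}

if __name__ == "__main__":
    for name in ("clinic.example", "insurer.example", "pharmacy.example"):
        print(audit(name))
```

A domain with `p=none` is reported as unprotected because that policy only requests reports; receivers are not asked to quarantine or reject mail that fails authentication.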

This trend holds true around the globe. Back in February 2015, Return Path analyzed over 1,000 of the world’s largest brands across 31 countries to look at DMARC adoption rates by region and industry sector. The healthcare industry’s DMARC adoption rate was remarkably lagging, the lowest of all sectors at 8%.

The bottom line is that healthcare organizations simply aren’t doing enough to protect their customers. That’s why we wrote The Healthcare Guide to Email Fraud. In it, we’ll dive into best practices for securing outbound email and protecting patients, brand reputation, and business outcomes.

Get your copy here.

 



About Estelle Derouet

Estelle Derouet is Vice President of Marketing, Email Fraud Protection at Return Path. In her role, Estelle leads a fabulously talented team of experienced B2B marketers, tasked with driving awareness and generating demand. Prior to joining Return Path in 2010, Estelle led the EMEA and APAC marketing function at enterprise mobility provider iPass for eight years. Follow her on Twitter @ederouet.
