During the COVID-19 pandemic, healthcare organisations are working diligently to diagnose patients, adjust to an increased need for telehealth services, and provide treatment. In this “digital age” of healthcare, many of these organisations are also in regular email communication with patients, government entities, and other firms to provide pressing medical updates. Unfortunately, most healthcare organisations have not implemented email authentication best practices and may be unknowingly exposing themselves to cybercriminals looking to capitalise on the pandemic and potentially trick individuals with fraudulent emails.
In an examination of the top 50 healthcare organisations by market cap listed on the Australian Securities Exchange, Proofpoint found that only 8 percent have implemented the strictest, recommended level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection. That policy, published in DNS as p=reject, tells receiving mail servers to block messages that fail authentication, so fraudulent emails never reach their intended target.
Further, Proofpoint found that 60 percent of examined entities do not have any published DMARC record, making them potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting users.
DMARC is an email authentication protocol designed to stop a domain name from being misused by cybercriminals; receiving servers evaluate it before a message reaches its intended destination. It builds on the established SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) standards: a message passes DMARC only if it passes SPF or DKIM and the domain that was authenticated aligns with the domain in the visible From header, which is what the recipient actually sees. The domain owner also publishes the policy receivers should apply to failing messages (none, quarantine or reject) and an address for aggregate reports, so spoofing of the trusted domain can be both blocked and observed.
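The following is an added example, not Proofpoint's tooling or anything from the original article. It shows the two halves of DMARC the paragraph above describes: the receiver-side check (SPF or DKIM pass plus alignment with the From domain, otherwise apply p=) and the domain-owner side, where published records are bucketed into the "no record / none / quarantine / reject" categories the survey uses. The DNS answers are constructed sample data for hypothetical `.test` domains; a real check would query the TXT record at `_dmarc.<domain>`. The alignment check is simplified to a subdomain relationship rather than the Public Suffix List comparison real receivers use.

```python
"""DMARC record parsing, policy classification and receiver-side evaluation.

Added example (not Proofpoint's code). DNS answers are constructed below;
a real survey would query the TXT record at _dmarc.<domain>.
"""

VALID_P = {"none", "quarantine", "reject"}
ORDER = {"none": 0, "quarantine": 1, "reject": 2}  # weakest to strongest

# Constructed TXT answers for _dmarc.<domain>. None models "no record published".
SAMPLE_DNS = {
    "reject-example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@reject-example.test",
    "quarantine-example.test": "v=DMARC1; p=quarantine; pct=50; sp=none",
    "monitor-example.test": "v=DMARC1; p=none; rua=mailto:reports@monitor-example.test",
    "broken-example.test": "p=reject",  # no leading v=DMARC1: receivers ignore it
    "unprotected-example.test": None,
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record (RFC 7489 tag=value list) into a dict.

    Returns None for a missing or invalid record, which is how a receiver
    treats it: no DMARC policy applies at all.
    """
    if txt is None:
        return None
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        k, v = part.split("=", 1)
        tags.append((k.strip().lower(), v.strip()))
    # v=DMARC1 must be the first tag, and p= must be present and valid.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    rec = dict(tags)
    if rec.get("p", "").lower() not in VALID_P:
        return None
    return rec


def policy_bucket(txt):
    """Bucket a domain the way the survey does: missing / none / quarantine / reject."""
    rec = parse_dmarc(txt)
    return "missing" if rec is None else rec["p"].lower()


def policy_warnings(txt):
    """Flag settings that make a published policy weaker than its p= tag looks."""
    rec = parse_dmarc(txt)
    if rec is None:
        return ["no valid DMARC record: spoofed mail is not subject to any policy"]
    warnings = []
    p = rec["p"].lower()
    pct = rec.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        warnings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    sp = rec.get("sp", p).lower()
    if ORDER.get(sp, 0) < ORDER[p]:
        warnings.append(f"sp={sp}: subdomains get a weaker policy than the apex domain")
    if "rua" not in rec:
        warnings.append("no rua= address: no aggregate reports, so failures go unseen")
    return warnings


def aligned(auth_domain, from_domain, mode="r"):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    also accepts a subdomain relationship (simplified; real receivers compare
    organisational domains via the Public Suffix List)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if a == f:
        return True
    return mode == "r" and (a.endswith("." + f) or f.endswith("." + a))


def dmarc_disposition(txt, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Receiver-side DMARC check for one message.

    Pass requires SPF or DKIM to pass *and* that authenticated domain to align
    with the RFC5322.From domain. Otherwise the domain owner's p= applies.
    """
    rec = parse_dmarc(txt)
    if rec is None:
        return "no-policy"  # nothing to enforce; the spoof is handled like any other mail
    spf_ok = spf_pass and aligned(spf_domain, from_domain, rec.get("aspf", "r").lower())
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, rec.get("adkim", "r").lower())
    return "pass" if spf_ok or dkim_ok else rec["p"].lower()


def survey(dns):
    """Tally buckets across a set of domains, like the article's 50-company survey."""
    counts = {"reject": 0, "quarantine": 0, "none": 0, "missing": 0}
    for txt in dns.values():
        counts[policy_bucket(txt)] += 1
    return counts


if __name__ == "__main__":
    print(survey(SAMPLE_DNS))
    for domain, txt in SAMPLE_DNS.items():
        print(domain, policy_bucket(txt), policy_warnings(txt))
    # A spoof: the attacker's own SPF passes for attacker.test, but From: is the victim.
    print(dmarc_disposition(SAMPLE_DNS["reject-example.test"], "reject-example.test",
                            True, "attacker.test", False, ""))
```

The spoof case is the point of the article: SPF on its own is satisfied by the attacker's own sending domain, and only the alignment step plus a published p=reject turns that into a rejection. The warnings show why "has a DMARC record" is not the same as "is protected": pct=50 or a weaker sp= leaves half the failing mail, or every subdomain, still deliverable.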
Healthcare organisations are in constant contact with patients, government entities, and other firms as they share updates around their COVID-19 efforts and patient care plans. At the same time, cybercriminals are carefully following each new COVID-19 development and launching large-scale social engineering attacks that prey on fear. They know people are looking for information out of concern for their safety and are more likely to click on potentially malicious links or download attachments that appear to come from a trusted healthcare source.
Proofpoint has identified more than 300 COVID-19 themed scams to date, accounting for more than 500,000 messages, 300,000 malicious URLs, and 200,000 malicious attachments. Cybercriminals regularly use domain spoofing to pose as trusted entities and take advantage of weaknesses in email protocols to send a message under a supposedly legitimate sender address. This makes it difficult for an ordinary Internet user to identify a fake sender.
It is critically important that the communication methods used by healthcare providers are secure. Effective security requires a people-centric approach that caters to the most attacked and vulnerable individuals. We recommend implementing robust email defences and inbound threat blocking capabilities (including deploying DMARC email authentication, with the policy taken through to p=reject), combined with cybersecurity awareness programs that train users to spot and report malicious emails.