A new risk assessment found that malware is getting through to healthcare organizations 16.2 percent of the time.
Healthcare organizations’ email security systems are not blocking malware, phishing attempts and other unwanted mail at a greater rate than the average company, according to a new report by the data security company Mimecast.
The problem could be because healthcare organizations are getting attacked more — or their filtering system isn’t as strong as it should be, Matthew Gardiner, cybersecurity strategist at Mimecast, told Healthcare Analytics News™.>> READ: Healthcare System Neglect Is Top Cause of Data Breaches
Based on the report, unwanted mail, spam, malware and impersonation attacks are all getting through healthcare security systems at a greater rate than for other businesses. Unwanted mail is getting through to healthcare organizations 16.2 percent of the time, compared to 11.7 percent elsewhere. Malware, including dangerous attachments in email is getting through at a rate of 1 per 3,741 attempts for healthcare versus 1 of 3,905 in general.
Why healthcare organizations are seeing more unwanted emails come through is unclear. However, it is important for these organizations to regularly reevaluate their technical control for email, Gardiner said.
Dangerous file types include .exe, .jsp. and .src, which are rarely sent via email for legitimate purposes but can be used for malware-led attacks.
The entire test, which also used data collected from the previous six quarters, showed that 12 percent of emails deemed safe were false negatives, meaning they represented a threat to the organization.
The report also found more than 17,403 malware attachments, 42,350 impersonation attacks and 205,363 malicious URLS were all missed by security providers and delivered to users’ inboxes.
“In the world of email security, are organizations really applying best practices or are they just settling for what they have?” Gardiner said.
Get the best insights in healthcare analytics directly to your inbox. Register for our daily newsletter.
Related
How the Atrium Health Data Breach Unfolded