How DMARC helps boost healthcare’s herd immunity to ransomware

With its sudden onset, devastating effects, and long recovery time, ransomware can be best likened to a disease. And no industry knows this better than healthcare. In 2021, there were 1203 attacks on US healthcare institutions alone, and for 11 consecutive years, healthcare has been hit with the heftiest costs for data breaches, largely resulting from attacks like these.

But what makes ransomware such a serious affliction for healthcare providers is that the data breaches and disruptions resulting from attacks have a very human cost. In research carried out by Ponemon Institute, 22% of respondents agreed that ransomware has an impact on increased mortality rates, while PBS uncovered a shocking parallel between ransomware and an uptick in fatal heart attacks.

It’ll only become a more pressing priority for healthcare providers to strengthen their defenses against this affliction as we move into 2022, and DMARC plays a key role in this. 

How does ransomware work?

Ransomware is a type of malware – most often disguised in a phishing email – that once deployed, blocks you from accessing your data through encryption. Cybercriminals then demand a ransom for access to this, otherwise, your data might be lost or leaked. 

What makes companies susceptible to ransomware?

Sensitive data, legacy systems, a widespread attack surface, and digitization all contribute to a company’s vulnerability to ransomware attacks. But not having the essential security protocols in place to secure vital information and infrastructure makes any business vulnerable, and these are often overlooked.

As our CEO Rahul Powar explains, “Primarily what makes companies susceptible to ransomware attacks is a lack of the basic infrastructure and protocols which are designed specifically to mitigate these risks. Businesses should be asking themselves if they have protocols like DMARC in place to stop exact impersonation attacks, if their inbound protection like SEGs or Advanced Threat Protection products are in order, and whether sufficient awareness training has been provided. Ransomware attackers will take any opportunity to hit an organization with a lot of sensitive data, and the more robust, standardized solutions businesses can put in place to plug the gaps, the better protected they are.” 

Why is healthcare such a lucrative target for cybercriminals?

There are a number of reasons why ransomware is so rife in healthcare:

  • Healthcare organizations store mass amounts of very sensitive data, and cybercriminals know this. 
  • It’s a sector which is rapidly digitizing, meaning there are vulnerabilities if the right measures aren’t in place.
  • There’s a widespread attack surface with many staff who’ve often not received adequate security awareness training in many areas.
  • Large supply chains and alot of third-party outsourcing, meaning there are more endpoints and opportunities for attack.
  • Legacy systems and outdated processes contribute too.

“Healthcare organizations are lagging behind other verticals in cybersecurity defenses because they do not invest enough on cybersecurity protection and are known to be vulnerable to attacks. Some of the basic protections against cyberattacks are not deployed and hence they are easy targets for hackers. Attacks on healthcare have a higher impact from the perspective of lives lost or physical harm as data or critical systems are compromised, as well as the sensitivity of the data being exposed.”

Issam Bandak, Red Sift Director of Sales Engineering

How can protocols like DMARC help create herd immunity in the healthcare sector?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s a globally standardized email authentication protocol that protects domains from exact domain impersonation or ‘email spoofing’. Essentially, when implemented properly at a policy of p=reject, it ringfences your domain (www.example.com) and blocks hackers from being able to use it to impersonate your business and send phishing emails to your patients, employees, and supply chain.

Given that 90% of cyber attacks start with an email, and 90% of malware is delivered via spam email, DMARC is an essential – and surprisingly cost-effective – way for providers to secure this particularly vulnerable vector. Better still, the more organizations that adopt it, the fewer domains are on offer for hackers to impersonate for phishing attacks, BEC, ransomware, and vendor fraud. That’s where the concept of herd immunity comes in; if every organization implements DMARC, then ransomware will be driven down, and healthcare organizations, their data, suppliers, and most importantly patients, will be better protected.

Get your free DMARC health check today

At Red Sift, we’re passionate about democratizing the technology essential to cybersecurity – in short making it easy and accessible for everyone. So take the first step to DMARC protection today and get your free DMARC, SPF, and DKIM health check using our investigate tool.

Check email DMARC setup

PUBLISHED BY

Sabrina Evans

11 Feb. 2022

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
News

Meet Red Sift Radar: The Skilled Up LLM That Finds and Fixes…

Rahul Powar

After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.  With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By…

Read more
News

G2 Fall 2024 Report: Red Sift OnDMARC Wins Big

Francesca Rünger-Field

We’re delighted to share that Red Sift OnDMARC’s winning streak continues. This Fall, we’ve once again been named a Leader in G2’s DMARC category, achieving recognition in both the overall Leader category and Europe for the first time. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more