Fewer than a third of the country’s largest hospitals are using an industry standard designed to safeguard systems against cyber criminals’ most common attack vectors, according to a new report.
A review of 98 of the nation’s biggest public and for-profit health care facilities found that only 28 have deployed Domain-based Message Authentication, Reporting and Conformance, or DMARC — a protocol meant to protect email systems against phishing attacks, spam and malware — the Global Cyber Alliance warned in a report Thursday.
The health care industry’s failure to implement the protocol more than five years after its introduction has essentially placed the security of its email systems in “critical condition,” according to the alliance, an assemblage of cybersecurity proponents founded in 2015 by the Manhattan District Attorney’s Office, among other agencies.
“As cyber threats mount against health care providers, deploying DMARC is an essential solution to protecting their patients’ data privacy,” said Philip Reitinger, a former U.S. Department of Homeland Security cyber expert and the alliance’s president.
When used effectively, DMARC can significantly limit the volume of spam and phishing emails received by a domain, essentially narrowing hackers’ options for infiltrating an organization.