HIMSS conducted research on email security, and the results showed that 78% of healthcare institutes had been the victim of ransomware within the last 12 months. Beyond occasional attacks, healthcare organizations reported that they had been the victim of ransomware more than 12 times in one year. Although there are a number of ways malware and ransomware can be installed on computers, the healthcare institutes rated suspicious emails as the attack vector.
When the company asked respondents to rank attack vectors, email was rated as the top source of attacks on healthcare information, while the second-highest source of data breaches was the “portable device”. About 59% of the organizations ranked email attacks 1st, 2nd or 3rd. By comparison, 44% of the organizations ranked laptops 1st, 2nd or 3rd as a source of attack.
The study shows that attacks delivered through email cause various problems for organizations and will keep creating problems in the future. According to Malwarebytes, there were 2000 ransomware attacks in 2015, while the rate increased to 62% in 2016. On the other hand, there is a rate of 72% for ransomware in 2017. All these findings were highlighted in a HIMSS Analytics survey. Ransomware is the major threat for almost 83% of the respondents.
It is very important that companies make their email activities more secure and clear. More than 80% of the organizations use email as the mode of communication and for transferring PHI between different departments. According to 93% of the survey respondents, email is the best means of communication. The range of malware and ransomware is considered the initiative for creating a resilience strategy. The second most important thing is that employees should be trained on the threats. The third is securing email.
Mimecast suggested 5 ways healthcare institutes can reduce email threats:
- Organizations should train their employees from time to time rather than relying on annual employee training.
- Management or the IT department should check and analyze email attachments and scan all emails for malware and ransomware.
- To check emails for URLs, companies should implement web filtering solutions so that suspicious emails can be filtered properly.
- Check all sent emails so that employees can never send patients' PHI outside the company or to unauthorized people. Email accounts should be checked thoroughly so that security can’t be compromised.
- Last but not least, the data in email accounts should be backed up regularly. Doing so protects companies from data loss in a ransomware attack.