Healthcare Provider Send You An Email? Don’t Open It

A healthcare provider is probably the last source from which you want to open an email.

That’s the key finding of a new study, which found that such emails were four times more likely to be fraudulent than ones from a social media site.

Forbes reports that more than 6.5 billion emails were analyzed each day in 2014 to create the report. The study’s architect, Agari, revealed that when it comes to email, the healthcare industry as a whole is way behind the times.

One real-world example of this is the recent Anthem data breach, which affected over 80 million Americans.

The breach was followed by “a wave of email phishing attacks” targeting the exposed individuals. Anthem had to send warnings out to customers not to respond to emails that might appear to be from the healthcare company.

“I’m looking at this report side by side with the Anthem breach,” said Agari CEO Patrick Peterson. “And what do you know? Email was used to get in, and they sent emails to all the Anthem users.”

In trying to explain why the typical healthcare provider is so far behind the times on email safety, Peterson had this to say:

“It’s just not how these companies were built and programmed. It’s not their culture and the world they live in…. What they’re really charged with is keeping us healthy and happy, and dealing with really traumatic things… This is a completely different challenge for them.”

The major issue, for Peterson, isn’t that the technologies are behind the times, but that not enough companies are implementing them.

Forbes’ Kate Vinton explains further, noting that there are “three email security protocols—SPF, DKIM, and DMARC… Domain-based Message Authentication, Reporting & Conformance” and that in 2014, “every industry saw an increase in DMARC implementation and DMARC has been enabled on 70 percent of the world’s email accounts.”

Agari developed a TrustScore ranking system from 0 to 75 to grade each of the 147 companies within the healthcare industry and found that a mere 13 of 147 (or less than nine percent) had perfect scores. Furthermore, 30 percent of healthcare provider companies had the lowest score possible (0).

“Customers of more than 75 percent of companies were at high risk of a malicious attack. Social media sites scored highest for security with an average score of 67,” Vinton adds.

“The weaponization of email has raised the stakes much, much higher than they were even three years ago,” Peterson warned.

Do you think healthcare provider companies should be held liable for any victimization that originates through their email systems?
