Office 365 is one of the world’s most commonly used software packages; it’s in use by more than 1 million companies worldwide. The software suite announced more than 200 million individual users back in October 2019 and is adding about 3 million users each month.
However, any successful software solution becomes a growing target for cybercriminals to spread phishing and ransomware attacks. It’s been noted that phishing emails are the root of 92 percent of all data breaches – and that healthcare is the number-one target for these attacks. It was a phishing email in April that gained access to Magellan Health’s network and resulted in a data breach and ransomware attack. Data extracted appears to have affected both employees and consumers; it included login credentials and passwords, as well as personal information such as names, addresses, employee ID numbers, and some W-2 or 1099 details such as Social Security numbers or Taxpayer ID numbers.
As an additional concern, in the healthcare industry, dealing with the aftereffects of a data breach may even affect mortality rates in your facility. In October 2019, Security Magazine reported on a study that found a data breach at a non-federal acute-care inpatient hospital was associated with an additional 23-36 deaths per 10,000 acute myocardial infarction (AMI) discharges per year, on average.
The HIPAA Journal has detailed recent phishing scams using Office 365 as their gateway and listed several important steps for healthcare services to take to keep their Office 365 usage HIPAA compliant. These steps include:
- Ensure logging is configured and review email logs regularly.
- Ensure emails are encrypted.
- Back up regularly and use email archiving.
- Consider a third-party solution on top of Office 365’s protections.
Why a Third-Party Solution?
A big drawback of a large hosted service like Office 365 is that, if cybercriminals manage to take over one of its accounts, that one account can be used to spread thousands of phishing attacks. Because these attacks are sent from a legitimate Office 365 account, they are likely to get past Microsoft’s Exchange Online Protection (EOP) and Advanced Threat Protection (ATP).
To combat these growing threats, businesses are turning to third-party email security gateways, and there are plenty of them out there with a relatively standard set of anti-spam and anti-phishing features. The healthcare industry, however, needs a solid email filtering solution that is easy to use while still providing important security features such as archiving, full regulatory compliance, and reporting.
Why Security Gateway?
For healthcare organizations that use Office 365, Security Gateway offers stronger protection against email-borne threats, with account-verification controls tailored specifically for Office 365 to ensure that only authorized users are permitted to send or receive email.
Of course, Security Gateway does much more than protect your users from viruses, spam, phishing attacks, spyware, and other types of unwanted and harmful email. It also includes built-in archiving with retention policies and legal hold for healthcare organizations that must meet HIPAA and HITECH compliance laws that require, among other things, a secure backup in the event of an outage or security breach.
Security Gateway also includes Data Leak Prevention (DLP) to prevent protected health information (PHI) as well as tax-ID numbers, banking information, and much more from getting into the wrong hands. Messages containing confidential data can be encrypted using the built-in email encryption options, or sent into administrative quarantine for further review.
At MDaemon Technologies, our team of experts has been in the email security business for over 25 years. And while we have the resources and vision to address emerging messaging, collaboration and security needs into the future, our team is small and agile enough to build relationships with our customers. We know that healthcare organizations have a larger mission in life than mastering every detail of data security; let us handle those details for you through our solutions that are easy to install, use, and keep up to date.