MDaemon Technologies Blog

It's just a fact of life: If there's email, there will always be spam. If you’re involved with email security for a healthcare organization, 2020 is absolutely the year you can’t afford not to take this seriously. The healthcare sector has become a major target for cyberattacks during the COVID-19 pandemic, and these attacks are successful so often that Becker’s Hospital Review publishes a monthly update on healthcare provider malware, ransomware and phishing incidents. The most recent list includes:

When it comes to email archiving, healthcare organizations require capabilities that continuously meet stringent healthcare-related regulations including HIPAA, privacy regulations such as CCPA, and financial protections such as PCI DSS compliance. This is even more critical in 2020, when the health sector leads all industries in annual data breach costs – with a global average of $7.13 million! – due to federal and state regulations. 

Whether you run a multi-campus medical center or a small private practice, you’ve likely heard about cyber criminals who try to trick you and your employees into clicking a link or downloading an attachment so they can steal your organization’s money or protected data.

The COVID-19 pandemic has accelerated the adoption of cloud services across all industries, but particularly for healthcare providers. If your healthcare organization is considering moving your email from on-premise servers to the cloud, you must do your due diligence around significant security drawbacks that may overshadow the perceived benefits.

The COVID-19 pandemic has been a boon for bad actors across the digital landscape. In July, for instance, authorities in the U.S., U.K. and Canada all issued warnings about serious cyberattacks against healthcare organizations and others involved in the coronavirus response. The purpose of these attacks? Theft of intellectual property during the race to develop a vaccine. The tool of choice? Spear-phishing email attacks.

Online scams are nothing new -- but as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user.

As long as healthcare organizations continue to use email, cybercriminals will find new ways to exploit security gaps, software bugs, and basic human nature to extort millions of dollars from their victims. In just the first six months of this year, Becker’s Hospital Review has noted more than 65 separate incidents of malware, ransomware and phishing attacks on healthcare providers, ranging from Alaska and Hawaii to Florida and Maine. These attacks affected more than 1.14 million patient records in just the cases that released statistics; the true number of those affected is much higher. While one-third of these attacks are specifically noted as being email-related, again, the true number is likely much higher.

The COVID-19 crisis has changed the way we approach data privacy and email security. The necessary and accelerated transition to working from home has been accompanied by a growing surge of Coronavirus-themed phishing scams and spoofed websites used to distribute malware or lure victims into providing confidential information.

The COVID-19 pandemic’s global spread has paved the way for threat actors to unleash the most widely-used cyber threat in recent memory. And healthcare entities are the most frequent target.

Office 365 is one of the world’s most commonly used software packages -- it’s in use by more than 1 million companies worldwide. The software suite announced more than 200 million individual users back in October 2019 and is adding about 3 million users each month.