Global Health Care Companies Face a Common Foe: Fake Email

Impersonation Attacks Are of Concern to 98 Percent of Large Health Care Companies, Study Finds

SAN FRANCISCO, May 18, 2018 — Valimail, the world’s leader in automating email authentication, today released an original research report on the email authentication preparedness of the global health care industry. Valimail found that the overwhelming majority of large health organizations are susceptible to “spoofing” of their own email domains, also known as impersonation attacks, which are a leading vector for cyberattacks.

Valimail analyzed the primary domains for 928 health care companies around the world (including hospitals, medical equipment & supply makers, pharmaceutical manufacturers, pharmacies, and physicians/health practitioners) with revenues of at least $300 million annually. Valimail found that 121 of these companies (13 percent) have begun to protect themselves by using Domain-based Message Authentication, Reporting and Conformance (DMARC), which detects and prevents email spoofing.

Similar to other industries studied by Valimail, less than 15 percent of health care companies that deploy DMARC succeed in getting to enforcement — a DMARC setting that actually protects domains against impersonation attacks — so the overall rate of enforcement in global health care is 1.7 percent.

“Email impersonation is a serious threat, so we applaud the healthcare leaders and organizations making it a top priority,” said Valimail CEO and co-founder Alexander García-Tobar. “With 80% failure rates, successful deployment of DMARC — known as enforcement —  is clearly a challenge for all companies using manual authentication approaches, not just those in health care. The data furthermore supports our view that full automation is the most efficient and reliable approach to attain and maintain enforcement.

Other findings from the report include:

  • Global health care companies have largely embraced the older Sender Policy Framework (SPF) standard, with almost 60 percent of these companies using SPF
  • Health care companies attempting DMARC have substantially higher annual revenues than those that aren’t attempting it ($8.4 billion vs. $1.6 billion), suggesting DMARC implementation is a resource issue for smaller companies
  • Australia, India, and France have higher rates of DMARC usage among health care companies than most other countries
  • Hackers and fraudsters can easily impersonate health care companies that lack DMARC at enforcement, putting protected health information (PHI) at risk

To view Valimail’s full Health Care Industry Report report visit:

Subscribe to our newsletter