Persistent Scams Yield PHI Theft

Phishing attacks on U.S. healthcare organizations frequently expose private health information (PHI). Targeting medical staff, criminals pose as recognized sources to access Electronic Medical Record (EMR) data. And with frequently reported public breaches, there’s no decline in sight.

A recent string of medical phishing attacks in California, Wisconsin, and Maryland gained 10,000+ records in each attempt. Yet less than 5 percent of hospitals have email authentication in place. Of those, only one in 28 are at enforcement according to the Global Cybersecurity Alliance. Which means over 98 percent of organizations are not protected and their emails can be spoofed by hackers to launch phishing attacks.

With Valimail’s automated solution, healthcare organizations can get to DMARC enforcement quickly and protect their patients’ PHI information.

Phishing Attacks, Brand, Trust

An equally important issue for healthcare companies is to protect their brand. Trust is very important when it comes to patient safety. Once a breach occurs through email, the brand is severely damaged and patient trust is eroded.

To help healthcare companies protect PHI information, stop phishing attacks, build trust, and protect their brand, the National Health Information Sharing and Analysis Center (NH-ISAC) is asking members to adopt DMARC email authentication standards. Their goal is to protect patient names, birth dates, and diagnostic codes, as well as help members maintain HIPAA and HITEC compliance. As a product company and active member, we are working closely with NH-ISAC to educate and help healthcare organizations reach their DMARC enforcement goal quickly and efficiently.

Healthcare Email Authentication

Valimail’s email authentication technology protects healthcare organizations from spear phishing, whaling, and impersonation attacks.

Valimail is the only truly automated solution with guaranteed DMARC enforcement. All it takes is just a simple DNS text record change and pointing DMARC, SPF, and DKIM to Valimail. That’s it. After that the Valimail solution takes care of everything. Unlike other solutions that make you do all the work, Valimail takes on all the burden of getting you to enforcement with our patented technology.

With an easy-to-use management console, IT teams have one-click control over DMARC policies to protect employees from impersonation attacks and shield customers from criminal impostors that attempt to hijack the company’s email. Spoofed emails on a domain name are rejected or quarantined and administrators gain full visibility and control over their email ecosystem.

Valimail’s robust enterprise-grade cloud service scales to meet the largest healthcare organizations’ needs. Key features of our enterprise-grade infrastructure include:

  • Global deployment, with fully redundant 99.995% infrastructure
  • Data encryption at rest and in transit
  • SSO/Access controls/2-factor authentication
  • Privacy Shield Certified/ISOC2
  • GDPR compliant/No PII

As cyber threats mount against healthcare providers, deploying DMARC is an essential solution to protecting their patients' data privacy.

Philip Reitinger
President and CEO of GCA

18 percent of healthcare employees identified phishing emails as legitimate ones, compared to 8 percent of the general population.

2017 State of Privacy and Security Awareness Report