1 out of 3 top Australian hospitals prone to email fraud: research
More than a third of Australia's top hospitals appear to lack basic cybersecurity protocols to protect themselves against email fraud and domain spoofing.
FINDINGS
In October, US-based cybersecurity firm Proofpoint conducted a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of 70 public and private hospitals in Australia.
DMARC is an email authentication protocol that lets a receiving mail server check whether a message claiming to come from a domain was actually authorised by that domain's owner before it reaches the intended recipient. The domain owner publishes one of three policy levels: monitor, quarantine or reject, with reject being the most powerful because it stops suspicious emails from reaching the inbox at all.
The analysis found that 36% of hospitals do not enforce the recommended strict DMARC level, while two hospitals have no DMARC record at all.
Public hospitals were found to offer better protection than private hospitals, with 77% of them having implemented the highest level of DMARC. Among private hospitals, fewer than half (44%) were using the email authentication protocol at the same level.
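The kind of classification behind these figures, as an added example that is not the article's or Proofpoint's code: a small parser that sorts constructed `_dmarc` TXT records into the monitor/quarantine/reject levels, flags domains with no record, and (as a caveat beyond the article) marks a `pct` value below 100 as only partial enforcement.

```python
"""Classify DMARC records into monitor / quarantine / reject / no record.
Added example, not Proofpoint's tooling; the records below are constructed
samples for fictional domains, not real hospital domains."""
from typing import Dict, Optional

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=reject; ...' into a lower-cased tag -> value map."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def classify(txt: Optional[str]) -> str:
    """Return 'no_record', 'invalid', 'monitor', 'quarantine' or 'reject'.
    A pct below 100 applies the policy to only a sample of failing mail,
    so 'quarantine'/'reject' become 'quarantine_partial'/'reject_partial'."""
    if txt is None:
        return "no_record"
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if tags.get("v", "").upper() != "DMARC1" or policy not in POLICIES:
        return "invalid"
    level = "monitor" if policy == "none" else policy
    pct = tags.get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        level += "_partial"
    return level


def summarise(records: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Count domains per level and the share not at the strict 'reject' level."""
    counts: Dict[str, int] = {}
    for txt in records.values():
        level = classify(txt)
        counts[level] = counts.get(level, 0) + 1
    not_strict = len(records) - counts.get("reject", 0)
    return {"counts": counts, "pct_not_strict": round(100 * not_strict / len(records))}


# Constructed sample of what a resolver might return for _dmarc.<domain> TXT
SAMPLE: Dict[str, Optional[str]] = {
    "hospital-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example",
    "hospital-b.example": "v=DMARC1; p=quarantine; pct=50",
    "hospital-c.example": "v=DMARC1; p=none; rua=mailto:rep@hospital-c.example",
    "hospital-d.example": None,  # no _dmarc record published
    "hospital-e.example": "v=DMARC1; p=reject",
}
```

Running `summarise(SAMPLE)` reports three of the five constructed domains (60%) as not enforcing reject, the same "not at the strict level" figure the survey computes.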
THE BIG TREND
In 2020, 166 reports of cyber incidents in healthcare were submitted to the Australian Cyber Security Centre, up from 90 the year before. Most of these reports involved compromised systems, which were most likely attacked by malicious actors taking advantage of the COVID-19 pandemic.
In the first half of 2021, 85 data breach reports from the healthcare sector were made to the Office of the Australian Information Commissioner. Most cases involved phishing and ransomware.
These included the ransomware attack on UnitingCare Queensland, carried out by a group known as REvil/Sodin. In the same year, Eastern Health suffered an IT outage due to a suspected cyber attack.
In October this year, SA Health disclosed a data breach affecting Personify Care, its third-party provider of digital patient journeys. The incident led to a folder containing the health information of 121 patients being deleted; however, there was no evidence that the deleted information had been copied or downloaded.
ON THE RECORD
“With email-based phishing attacks still one of the most common techniques used by cybercriminals, hospitals must prioritize tightening email security,” said Steve Moros, senior director of the Advanced Technology Group at Proofpoint Asia Pacific and Japan.
“Implementing email authentication protocols such as DMARC provides a critical line of defense to strengthen protection against email fraud and ensure the safety of patients and their families, as well as employees and other stakeholders, from potentially harmful cyber threats.”