Healthcare Sector Most Vulnerable to Cyberattacks


The financial sector has always been a favorite among cyberattacks, with phishers and spammers duping unknowing victims into clicking on fake links in order to gain access to their bank account.  However, the healthcare sector is quickly becoming the preferred sector for cyberattacks because it is less secure and full of “soft targets,” including the elderly and the sick, according to cybersecurity company Agari’s Q3 Trust Index.

The report, which analyzed email data from over a trillion messages, shows that while consumers remain seven times more likely to become victim to a cyberattack from their bank versus any other industry sector, the healthcare sector is the least protected.  In fact, Agari said that 40% of the healthcare companies they reviewed had no email authentication in place  and not a single Health Care domain had gone beyond monitoring to using DMARC (Domain-based Message Authentication, Reporting & Conformance) to block phishing attacks, giving criminals an “all access pass” to healthcare websites.

As a result, at least 1 of every 10 messages from health care domains was malicious, Agari reported.  The report also identified HCA Healthcare, which delivers almost 5% of all inpatient care in the US, as the most counterfeited domain of the domains Agari analyzed when it comes to email. Agari said that HCA is responsible for over half of the spam in the sector in Q3 with the chance of actually getting a genuine email from them as a consumer only 1 in 2.

The report used email data to establish two benchmarks including ThreatScore and TrustScore.  ThreatScore identifies the market sectors that are most often targeted by cybercriminals.  In the third quarter, the financial sector remained the most targeted by cybercriminals with a score of 7.1, while healthcare came in second with a score 5.98.

The report also measured  a benchmark called TrustScore which measures how well a sector is doing at protecting their customers from cybercriminals.   The Social Sector, which includes companies such as Facebook and Twitter, had the highest TrustScores because they are investing the most in protecting consumers through email.

But while many companies can spend millions of dollars trying to prevent cybercriminals from accessing user information, consumers, even the most savvy, are still at risk of being a victim.  The report showed that truly determined phishers can craft messages that fool the most skeptical, let alone your average grandmother, teenager, or Internet newbie.

Agari CEO Patrick Peterson said that while consumers should be wary of fake emails, the bulk of the responsibility lies with the company.

“Of course it is smart for consumers to be cautious with their personal information, but at the same time the company has an obligation to take reasonable steps to provide security for their customers,” Peterson said.

Overall, your odds of getting the flu this year are about the same as your chance of getting fake mail from a bank, insurance company, or online payment service, the report said.