Proofpoint has released new research finding that 72% of the top hospitals in the UAE and Saudi Arabia are lagging behind on basic cybersecurity measures, exposing citizens to a higher risk of email fraud. These findings are based on a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of the top hospitals in the UAE and KSA. DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject – with reject being the most secure for preventing suspicious emails from reaching the inbox.
The analysis revealed that only 28% of UAE and KSA hospitals have implemented the strictest and recommended level of DMARC protection (‘reject’). This means that 72% are not proactively blocking fraudulent emails from reaching users. Furthermore, only 69% of UAE hospitals have published a basic DMARC record, meaning 31% are taking no steps to protect users from potential email fraud.
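The categories used in the analysis above (no record, monitor, quarantine, reject) can be derived from the TXT record a domain publishes at `_dmarc.<domain>`. The following is an added example, not Proofpoint's methodology or code: it assumes "monitor" corresponds to the `p=none` policy, works offline on constructed sample records, and uses placeholder hostnames.

```python
# Added example: classify DMARC TXT records into the levels the article names.
# Sample records and hostnames are constructed; no DNS lookups are performed.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tag dict of one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and its value is exactly DMARC1
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a protection level."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "no record"
    if len(records) > 1:
        return "invalid"  # receivers skip DMARC when several records are published
    tags = records[0]
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:
        # RFC 7489: a bad p= with a reporting address is treated as p=none.
        # Simplification: rua is only checked for presence, not URI syntax.
        return "monitor" if tags.get("rua") else "invalid"
    return level  # pct= (partial enforcement) is ignored in this sketch

def summarize(domains):
    """Count how many domains fall into each level."""
    counts = {}
    for records in domains.values():
        level = classify(records)
        counts[level] = counts.get(level, 0) + 1
    return counts

SAMPLE = {  # constructed: hostname -> TXT strings at _dmarc.<hostname>
    "hospital-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example"],
    "hospital-b.example": ["v=DMARC1; p=quarantine; pct=50"],
    "hospital-c.example": ["v=DMARC1; p=none"],
    "hospital-d.example": ["v=spf1 -all"],  # SPF only, no DMARC record
    "hospital-e.example": [],
}
```

Only the domains classified as `reject` instruct receiving mail servers to block messages that fail authentication; `monitor` only generates reports.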
Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint, said, “The healthcare industry is rapidly becoming a target for cybercriminals due to the sensitive patient data these institutions hold. In addition, from an attacker’s perspective, healthcare organizations are high value targets for ransomware attacks as they would have great motivation to pay up to restore systems quickly.”
He added, “A broader security strategy will be crucial to secure the future of the healthcare sector in the UAE and KSA, which has been identified as a priority area under the respective national agendas of both countries. The healthcare industry must pursue a security strategy that focuses on people, because threat actors will continue to convince victims to click malicious links, download unsafe files, install malware, and disclose sensitive information. Moreover, their security strategy will have to adapt to new business models to protect health information wherever it is stored – whether within the hospital or beyond.”