A new report has revealed that 43% of health email breaches are connected to Microsoft 365 due to security gaps.
According to a press release on 13 March, 37.2% of Microsoft 365 users had DMARC in ‘monitor-only’ mode, leaving phishing attempts undetected.
Paubox, the firm that released the report, said Healthcare Email Security Report shows that email remains the leading attack channel.
Cybersecurity a big challenge for healthcare
Cybersecurity has increasingly become a challenge for all industries, but especially for healthcare, often resulting in financial penalties, compromised patient data, and increased enforcement actions from regulators.
According to the report, many healthcare organizations still fail to implement fundamental email security protocols despite a 50% increase in healthcare cybersecurity spending since 2018.
The report further revealed that 98.9% of breached organizations lacked MTA-STS protections, exposing email communications to interception.
OCR Director Melanie Fontes Rainer said:
“HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
The prevalence of email-related breaches in 2024 validates this warning, as many healthcare organizations only realize their security gaps after a serious incident occurs.
Indeed, several healthcare organizations have suffered attacks 2024. According to an earlier report from HIPAA, there were 13 data breaches in the year, involving over 1 million health records, one of which affected 100 million individuals.
This calls for greater precaution to ensure that the records of patients are well secured and those seeking to breach such databases are not able to.
Microsoft needs to step up
It is disturbing that all these data breaches concern health organizations, but even more disturbing that close to 50% of them are linked to Microsoft 365 alone.
That’s an alarming fact, and Microsoft will need to step up its security game to protect its users and ensure they are shielded from such breaches.
ReadNext
