Three Top Healthcare Security Challenges… And How to Tackle Them

The healthcare industry has a big security problem. Medical data—worth 10 times more on the black market than a credit card number—is coveted by criminals. As a result, cyber attacks in healthcare are skyrocketing (up 125% since 2010) and are now the leading cause of data breaches.


But there are proactive steps teams can take to defend their customers, brand reputation, and revenue. Here are three top healthcare security challenges and how to tackle them.

Challenge 1: Cost pressures
Despite the soaring number of cyber attacks in healthcare, the industry spends very little on cybersecurity. ABI Research calculates cybersecurity spend for healthcare protection will only reach $10 billion globally by 2020, just under 10% of the total spend on critical infrastructure security.

This lack of investment ends up being expensive. In 2014, medical identity theft increased by nearly 22 percent. This amounts to an estimated $12 billion annual unbudgeted cost to the healthcare industry, further compounding existing budgetary pressures.

The solution: Create a business case for healthcare security
Investment in cybersecurity and consumer protection starts at the top. Create a business case for bolstering customer and brand protection by communicating the business impact. If you have a breach, for example, research suggests that 60% of your customers will think about moving and 30% actually do. Cyber attacks end up costing the US healthcare system $6 billion every year. Statistics like these will help reveal how investing in security helps drive business outcomes.

Challenge 2: Compliance and regulation
With healthcare data breaches expected to rise, government agencies are imposing regulations, such as HIPAA (Health Insurance Portability and Accountability Act), that are broader in reach than ever before.

Today’s penalties for data breaches are increasingly onerous: fines are bigger, notification requirements are more stringent, and enforcement agencies have new incentives for taking action against organizations that fail to protect healthcare privacy. And the requirement to publicly notify customers about the data breach means lost trust and tarnished reputations for brands, which negatively impacts the business’ bottom line.

The solution: Secure email with HIPAA’s privacy and security rules
HIPAA Privacy and Security Rules allow covered healthcare providers to communicate electronically as long as they apply reasonable safeguards when doing so. Follow these rules closely to secure your outbound email and avoid compliance issues.

Patients may initiate electronic communications, but the healthcare provider must make the patient aware of the potential risks of using unencrypted email. For example, healthcare providers may need to take certain precautions including:

  • Checking the email address for accuracy before sending an email message
  • Sending an email alert to patients for address confirmation prior to sending the message
  • Limiting the amount or type of information disclosed through unencrypted email

Challenge 3: Outbound email as a threat vector
Email is a primary vector for healthcare organizations and professionals to communicate with clients and patients. It’s also the most vulnerable to attacks.

There’s no doubt that healthcare organizations should continue to build strong defensive controls against inbound cyber threats. However, when it comes to outbound email threats, the healthcare industry isn’t doing enough to protect customers. This needs to change.

The solution: Email authentication and email threat intelligence
Implementing DMARC (Domain-based Message Authentication, Reporting and Conformance) is the best way to ensure that fraudsters cannot send emails spoofing your brand from any of the sending domains you control. DMARC ensures bad email gets blocked before it even hits the client’s inbox.

It’s also important to defend against the 70% of email attacks that spoof healthcare brands using domains the company does not own. Email threat intelligence empowers companies to see all email attacks spoofing the brand, and react quickly to shut down phishing sites before customers are compromised.
