Despite email attacks, healthcare still not using DMARC to protect against spoofing

The majority of large healthcare organizations worldwide are vulnerable to email domain spoofing, a leading vector for cyberattacks. Many organizations have not adopted the DMARC standard, which detects and prevents email spoofing. A recent study found that only 1.7% of healthcare organizations surveyed had implemented DMARC at the enforcement level, leaving 98.3% susceptible to impersonation attacks. This lack of protection represents a major risk for healthcare organizations, as phishing emails are the initial point of entry in 91% of successful cyberattacks.