Spam and Virus Protection

Healthcare organizations must ensure all risks to the confidentiality, integrity, and availability of protected health information (PHI) are identified and reduced to a reasonable and acceptable level. No HIPAA risk management plan would be complete without spam and virus protection for email. More than 90% of all data breaches start with a phishing email (Cofense), and email is the most common location of breached PHI.

An Industry Under Attack

Aside from a temporary blip in 2015, the number of healthcare data breaches reported has increased every year. 2019 was a record-breaking year for healthcare data breaches with 365 breaches of more than 500 records reported. 2019 looks set to be another record-breaking year, with more breaches reported than this time last year.

While there are many causes of healthcare data breaches, account compromises, malware, and ransomware attacks account for a large percentage. The primary method of delivering malware, viruses, and ransomware is spam email. A study by Verizon found 66% of all malware found on healthcare networks originated from attachments in spam email. Phishing is the main method of gaining access to sensitive health data and attacks are predominantly conducted via email.

A firewall is necessary to prevent your internal network from being accessed remotely by unauthorized individuals. Spam and virus protection should be second on your list to keep your networks secure.

How Do Anti-Spam and Email Anti-Virus Solutions Work?

Two important front-end checks can help to identify fraudulent emails: Recipient Verification Protocols and Sender Policy Frameworks. Frameworks such as DMARC are used to determine whether emails have been sent from authorized users of domains. These checks identify spoofed emails and brand impersonation and prevent spoofed messages from being delivered to inboxes.

Greylisting is another tactic employed by some spam filtering solutions to assess suspicious IP addresses. A message is rejected along with a request to resend. The delay in receiving the message is an indication of whether the message has been sent from a genuine mail server or one used for spamming. Most genuine messages are resent within 2 minutes.

Another core component of an anti-spam solution is an anti-virus engine. This is a signature-based malware, virus, and ransomware detection system that is effective at identifying and quarantining/deleting all known malware contained in emails and email attachments. Each message is subjected to an antivirus scan, usually at the gateway, and all detected malware threats are blocked.

The anti-virus scan is the first line of defense against malware, but signature-based detection systems have their limitations. It is only possible to detect known malware variants, the signatures of which must be included in the virus definition list. Zero-day malware – new malware variants – can pass through this initial check undetected.

Some anti-spam solutions incorporate additional mechanisms to identify potentially malicious attachments. Sandboxing allows attachments to be opened in a safe environment where they can be studied for malicious activity. This greatly reduces false positives and provides protection against zero-day malware threats.

Malware and ransomware are constant threats in healthcare, but an even bigger threat comes from phishing. The purpose of the attacks is to convince users to disclose sensitive information, usually their login credentials. Phishing emails usually contain an embedded hyperlink, which may be hidden in an attachment, that the user is required to click for a specific urgent reason detailed in the email.

Detecting these messages requires advanced capabilities. One of the processes used is called SURBL filtering. This is a process by which the URLs embedded in a message are checked against blacklists of malicious websites.
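The URL check described above can be sketched as follows. This is an added example, not code from any product the page describes; the blocklist is a constructed local set standing in for a live blocklist lookup, and the message body and all domain names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist entries; a real filter queries a maintained list.
BLOCKLIST = {"login-portal.example", "bad-files.test"}

# Constructed message: the visible link text differs from the real href target.
SAMPLE_BODY = (
    '<p>Your mailbox is full. <a href="https://secure.login-portal.example/'
    'reset?id=1">https://portal.clinic.example/reset</a></p>\n'
    "Invoice: HTTP://CDN.Bad-Files.TEST/invoice.zip\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


class LinkParser(HTMLParser):
    """Collects href targets, which may differ from the text shown to the user."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def extract_hosts(body):
    """Return the lower-cased hostnames of every URL found in the body."""
    parser = LinkParser()
    parser.feed(body)
    hosts = set()
    for url in set(parser.hrefs) | set(URL_RE.findall(body)):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL: skip instead of failing the scan
            continue
        if host:
            hosts.add(host.rstrip(".").lower())
    return hosts


def scan(body, blocklist=BLOCKLIST):
    """Map each listed hostname to the blocklist entry it matched."""
    hits = {}
    for host in extract_hosts(body):
        labels = host.split(".")
        for i in range(len(labels) - 1):      # walk up parents, never the bare TLD
            parent = ".".join(labels[i:])
            if parent in blocklist:
                hits[host] = parent
                break
    return hits
```

Checking parent domains matters because a listed domain is often reached through a subdomain that was never listed itself.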

Advanced Anti-Spam and Anti-Virus Protection for Email

The healthcare industry is a prime target for hackers and the industry suffers more data breaches than any other industry sector. Email is the most common method of attacking healthcare organizations, so advanced anti-spam and antivirus protection for email is essential.

Without an effective email security system in place, it will not be possible to reduce risks to the confidentiality, integrity, and availability of PHI to a reasonable and acceptable level and be in compliance with HIPAA.


Will a spam filter block all email threats?

The best spam filters will typically block in excess of 99.9% of spam emails. It is possible to block all spam and malicious emails with more aggressive settings, but that may also see some genuine emails quarantined, which will have to be released manually. Tweaking the settings will help you to achieve the right balance.

How can I improve Microsoft 365 email security?

Many businesses rely on the Office 365 spam filter to block phishing attacks, but Microsoft’s Exchange Online Protection (EOP) fails to block many phishing threats as it only provides a basic level of protection against spam, malware, and phishing. To better protect your email environment and block sophisticated phishing threats, consider implementing a third-party spam filter on top of EOP.

How can I improve protection against phishing attacks?

In addition to an advanced spam filter, consider a web filter. A web filter provides time-of-click protection against malicious hyperlinks in emails. You should also ensure multi-factor authentication is applied to your email accounts. In the event of credentials being compromised, MFA should block attempts to use those credentials to access accounts.

Why is outbound email scanning important?

Some spam filters also include outbound email scanning. This is an important feature that can help to identify mailboxes that have already been compromised and are being used to send spam and phishing emails. Outbound scanning can also detect attempts by employees to email sensitive data outside the company, such as to personal email accounts.

Does greylisting delay email delivery?

If you enable greylisting on your email security solution, there will be a short delay receiving certain messages. The delay is usually only a few minutes, but if that delay could negatively impact the business, consider whitelisting trusted IP addresses and domains. This will stop greylisting for messages received from those IPs/domains.
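The greylisting decision described in the section on how anti-spam solutions work, together with the whitelisting of trusted IPs mentioned above, can be sketched as follows. This is an added example, not code from any product the page describes; the 60-second minimum delay, the 4-hour retry window, the SMTP reply codes chosen, and all addresses are assumptions or constructed values.

```python
import ipaddress
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 60          # assumed: a retry sooner than this does not count
MAX_RETRY_WINDOW = 4 * 3600   # assumed: after this long the sender starts over


@dataclass
class Greylist:
    allowlist: tuple = ()                            # trusted CIDR ranges (strings)
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt
    passed: set = field(default_factory=set)         # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return an SMTP-style (code, reason) for one delivery attempt."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(net) for net in self.allowlist):
            return 250, "allowlisted"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250, "known triplet"
        first = self.first_seen.get(triplet)
        if first is None or now - first > MAX_RETRY_WINDOW:
            self.first_seen[triplet] = now           # first contact: temporary reject
            return 451, "greylisted"
        if now - first < MIN_RETRY_DELAY:
            return 451, "retried too soon"           # immediate resends do not pass
        self.passed.add(triplet)
        return 250, "retried after delay"


def run_sample():
    """Constructed delivery attempts: (seconds, client IP, sender, recipient)."""
    gl = Greylist(allowlist=("203.0.113.0/24",))
    attempts = [
        (0,   "198.51.100.7", "lab@partner.example", "dr@clinic.example"),
        (5,   "192.0.2.99",   "promo@bulk.example",  "dr@clinic.example"),
        (8,   "192.0.2.99",   "promo@bulk.example",  "dr@clinic.example"),
        (10,  "203.0.113.25", "rx@pharmacy.example", "dr@clinic.example"),
        (120, "198.51.100.7", "lab@partner.example", "dr@clinic.example"),
        (900, "198.51.100.7", "lab@partner.example", "dr@clinic.example"),
    ]
    return [gl.check(ip, frm, to, t) for t, ip, frm, to in attempts]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

Only the first message from a new sender triplet is delayed; once the triplet has passed, later messages are accepted immediately.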