Spam and Virus Protection

Healthcare organizations must ensure all risks to the confidentiality, integrity, and availability of protected health information (PHI) are identified and reduced to a reasonable and acceptable level, and no HIPAA risk management plan would be complete without spam and virus protection for email. More than 90% of all data breaches start with a phishing email (Cofense), and email is the most common location of breached PHI.

An Industry Under Attack

Aside from a temporary blip in 2015, the number of healthcare data breaches reported has increased every year. 2019 was a record-breaking year for healthcare data breaches with 365 breaches of more than 500 records reported. 2019 looks set to be another record-breaking year, with more breaches reported than this time last year.

While there are many causes of healthcare data breaches, account compromises, malware, and ransomware attacks account for a large percentage. The primary method of delivering malware, viruses, and ransomware is spam email. A study by Verizon found 66% of all malware found on healthcare networks originated from attachments in spam email. Phishing is the main method of gaining access to sensitive health data and attacks are predominantly conducted via email.

A firewall is necessary to prevent your internal network from being accessed remotely by unauthorized individuals. Spam and virus protection should be second on your list to keep your networks secure.

How Do Anti-Spam and Email Anti-Virus Solutions Work?

Two important front-end checks can help to identify fraudulent emails: Recipient Verification Protocols and Sender Policy Frameworks. Frameworks such as DMARC are used to determine whether emails have been sent from authorized users of domains. These checks identify spoofed emails and brand impersonation and prevent spoofed messages from being delivered to inboxes.

Greylisting is another tactic employed by some spam filtering solutions to assess suspicious IP addresses. A message is rejected along with a request to resend. The delay in receiving the message is an indication of whether the message has been sent from a genuine mail server or one used for spamming. Most genuine messages are resent within 2 minutes.
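The greylisting decision described above, as an added example that is not from the original article. It keys each attempt on the (client IP, sender, recipient) triplet, a common convention the article does not specify, and the delay thresholds, reply text, and sample traffic are assumptions constructed for illustration.

```python
# Added example: greylisting decision logic. Thresholds and reply text are assumptions.
MIN_DELAY = 60            # assumed: retries sooner than this stay deferred
RETRY_WINDOW = 4 * 3600   # assumed: a pending entry expires after this long
DEFER = "451 4.7.1 Greylisted, try again later"   # temporary failure: resend
ACCEPT = "250 OK"


class Greylist:
    def __init__(self):
        self.first_seen = {}   # triplet -> time of first deferred attempt
        self.passed = set()    # triplets that already retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now      # new or expired: start the clock
            return DEFER
        if now - first < MIN_DELAY:
            return DEFER                    # retried too quickly, keep deferring
        del self.first_seen[key]
        self.passed.add(key)                # waited and resent like a real mail server
        return ACCEPT


# Constructed sample traffic: (time_s, client_ip, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,     "203.0.113.10", "billing@lab.example", "nurse@clinic.example"),
    (5,     "203.0.113.10", "billing@lab.example", "nurse@clinic.example"),
    (120,   "203.0.113.10", "billing@lab.example", "nurse@clinic.example"),
    (130,   "198.51.100.7", "promo@bulk.example",  "nurse@clinic.example"),
    (900,   "203.0.113.10", "Billing@lab.example", "nurse@clinic.example"),
    (20000, "198.51.100.7", "promo@bulk.example",  "nurse@clinic.example"),
]


def replay(attempts):
    """Feed attempts through a fresh greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(attempt[0], attempt[1], code)
```

The sender at 203.0.113.10 is deferred twice, accepted on its resend at two minutes, and accepted immediately afterwards; the bulk sender that only comes back after the retry window has expired is deferred again.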

Another core component of an anti-spam solution is an anti-virus engine. This is a signature-based malware, virus, and ransomware detection system that is effective at identifying and quarantining/deleting all known malware contained in emails and email attachments. Each message is subjected to an antivirus scan, usually at the gateway, and all detected malware threats are blocked.

The anti-virus scan is the first line of defense against malware, but signature-based detection systems have their limitations. It is only possible to detect known malware variants, the signatures of which must be included in the virus definition list. Zero-day malware – new malware variants – can pass through this initial check undetected.

Some anti-spam solutions incorporate additional mechanisms to identify potentially malicious attachments. Sandboxing allows attachments to be opened in a safe environment where they can be studied for malicious activity. This greatly reduces false positives and provides protection against zero-day malware threats.

Malware and ransomware are constant threats in healthcare, but an even bigger threat comes from phishing. The purpose of the attacks is to convince users to disclose sensitive information, usually their login credentials. Phishing emails usually contain an embedded hyperlink, which may be hidden in an attachment, that the user is required to click for a specific urgent reason detailed in the email.

Detecting these messages requires advanced capabilities. One of the processes used is called SURBL filtering. This is a process by which the URLs embedded in a message are checked against blacklists of malicious websites.

Advanced Anti-Spam and Anti-Virus Protection for Email

The healthcare industry is a prime target for hackers and the industry suffers more data breaches than any other industry sector. Email is the most common method of attacking healthcare organizations, so advanced anti-spam and antivirus protection for email is essential.

Without an effective email security system in place, it will not be possible to reduce risks to the confidentiality, integrity, and availability of PHI to a reasonable and acceptable level and be in compliance with HIPAA.