Majority of top hospitals in the UAE and Saudi Arabia are lacking in fundamental cybersecurity measures. As a result, citizens in these regions are at a heightened risk of falling victim to email fraud.
A new research by Proofpoint identified that 72 percent of the top hospitals in the UAE and Saudi Arabia are lagging behind on basic cybersecurity measures.
The research was based on an analysis of Domain-based Message Authentication, Reporting, and Conformance (DMARC) within the top hospitals in the UAE and Saudi Arabia. DMARC is an email validation protocol designed to safeguard domain names against misuse by cybercriminals. It verifies the sender’s identity before allowing a message to reach its in-tended recipient. DMARC offers three levels of protection – monitor, quarantine, and reject – with reject being the most secure, preventing suspicious emails from reaching the inbox.
The analysis uncovered that only 28 percent of hospitals in the UAE and Saudi Arabia have implemented the strictest and recommended level of DMARC protection, known as ‘reject.’ This means that 72 percent of hospitals are not proactively blocking fraudulent emails from reaching users. Furthermore, only 69 percent of UAE hospitals have published a basic DMARC record, indicating that 31 percent are not taking any measures to shield users from potential email fraud.
Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint, said, “The healthcare industry is rapidly becoming a target for cybercriminals due to the sensitive patient data these institutions hold. In addition, from an attacker’s perspective, healthcare organisations are high value targets for ransomware attacks as they would have great motivation to pay up to restore systems quickly.”
He added, “A broader security strategy will be crucial to secure the future of the healthcare sector in the UAE and Saudi Arabia, which has been identified as a priority area under the respective national agendas of both countries. The healthcare industry must pursue a security strategy that focuses on people, because threat actors will continue to convince victims to click malicious links, download unsafe files, install malware, and disclose sensitive information. Moreover, their security strategy will have to adapt to new business models to protect health information wherever it is stored – whether within the hospital or beyond.”
