Proofpoint, a cybersecurity and compliance company, has released new research indicating that a significant number of top hospitals in the United Arab Emirates (UAE) and Saudi Arabia (KSA) are putting their citizens at risk of email fraud. According to the study, approximately 72% of these hospitals lack basic cybersecurity measures, leaving individuals vulnerable to email scams.
The research conducted by Proofpoint involved an analysis of Domain-based Message Authentication, Reporting, and Conformance (DMARC) within the top hospitals in the UAE and KSA. DMARC is an email validation protocol designed to safeguard domain names from misuse by cybercriminals. It verifies the sender’s identity before permitting a message to reach its intended recipient. DMARC offers three levels of protection—monitor, quarantine, and reject—where reject is the most secure in preventing suspicious emails from infiltrating the inbox.
The analysis revealed that a mere 28% of UAE and KSA hospitals have implemented the highest and recommended level of DMARC protection, known as “reject.” Consequently, 72% of these hospitals are not proactively blocking fraudulent emails from reaching their users. Additionally, only 69% of UAE hospitals have published a basic DMARC record, meaning that 31% are taking no action to shield users from potential email fraud.
Emile Abou Saleh, the Regional Director for the Middle East and Africa at Proofpoint, expressed concerns regarding the healthcare industry’s susceptibility to cybercriminals. Given the sensitive patient data that healthcare institutions possess, they have become prime targets for hackers. Moreover, healthcare organizations are attractive targets for ransomware attacks, as they often have a strong motivation to swiftly restore their systems by paying the ransom.
Saleh emphasized the need for a comprehensive security strategy to safeguard the future of the healthcare sector in the UAE and KSA. As healthcare continues to be a priority area within the national agendas of both countries, a security approach focused on people is crucial. Threat actors will persist in their attempts to deceive individuals into clicking malicious links, downloading unsafe files, installing malware, and divulging sensitive information. Additionally, healthcare organizations must adapt their security strategies to protect health information, regardless of where it is stored—within the hospital or beyond.
In summary, Proofpoint’s research highlights the concerning cybersecurity vulnerabilities in the leading hospitals of the UAE and KSA, which puts citizens at a higher risk of falling victim to email fraud. Urgent action is required to implement stricter DMARC protection and establish comprehensive security strategies to safeguard the healthcare sector and the sensitive data it holds.
