---
title: "The Relevance of Adopting Email Security Measures in The Healthcare Industry Post COVID-19 | DuoCircle"
description: "Today, the healthcare industry faces one of the most daunting tasks of protecting human life in an insecure cyber environment."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/"
---

Quick Answer

Healthcare is the highest-value target for email-based attacks because PHI and PII fetch top dollar on dark web markets and clinical operations cannot tolerate downtime. Bitglass reported a 55.1% rise in healthcare breaches in 2020, Interpol issued ransomware alerts to member countries about hospital targeting, and the WHO itself was hit by phishing during the pandemic. Required controls: SPF, DKIM, and DMARC at p=reject on every sending domain to stop spoofing of clinic and insurer communication, AI-assisted inbound filtering to catch spear-phishing aimed at clinicians and billing staff, multi-factor authentication on every mailbox, HIPAA-aligned retention via email archiving, and recurring phishing-awareness training. HIPAA sets the floor; most consumer mailbox providers do not meet it without these layers added on. Treat email security as patient safety infrastructure, not IT overhead.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Femail-security%2Fthe-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Relevance%20of%20Adopting%20Email%20Security%20Measures%20in%20The%20Healthcare%20Industry%20Post%20COVID-19&url=undefined%2Fblog%2Femail-security%2Fthe-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Femail-security%2Fthe-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Femail-security%2Fthe-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19%2F&title=The%20Relevance%20of%20Adopting%20Email%20Security%20Measures%20in%20The%20Healthcare%20Industry%20Post%20COVID-19 "Share on Reddit") [ ](mailto:?subject=The%20Relevance%20of%20Adopting%20Email%20Security%20Measures%20in%20The%20Healthcare%20Industry%20Post%20COVID-19&body=Check out this article: undefined%2Fblog%2Femail-security%2Fthe-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19%2F "Share via Email") 

![Email Security Measures](https://media.mailhop.org/duocircle/images/2021/09/buy-smtp-5412.jpg) 

Today, _the healthcare industry faces one of the most daunting tasks of protecting human life in an insecure cyber environment_. [Healthcare organizations](/phishing-protection/now-we-know-why-the-healthcare-industry-is-so-vulnerable-to-ransomware/) worldwide deal with massive amounts of medical records and other PHI (Public Health Information) and PII (Personally Identifiable Information). Such data is communicated internally and with other parties such as hospitals, medical centers, administrations, and insurance providers.

Healthcare organizations cannot function to their best without proper [email security](/), compliance management, and tools such as [MX backup](/email/email-backup-mx). Given the large-scale emailing activity within and outside organizations, it is impossible to protect them from cyberattacks such as data breaches and data loss without appropriate email security, including [phishing protection](/email/phishing-protection), **ransomware protection**, and other [anti-phishing services](/email/phishing-protection).

The below numbers help understand the rise of cybersecurity incidents in the healthcare industry.

1. _COVID-19 saw a [rise in breaches](https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf?aliId=eyJpIjoiOE54NGRRTkhCZDY3aUxGMiIsInQiOiJ0RTZ1QVZXbnFPUGRhZXhVbmhyMmVnPT0ifQ%253D%253D) in the healthcare industry_ by **55.1% in 2020**.
2. [Interpol issued alerts](https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware) to its member countries due to the increase in **ransomware attack** attempts against hospitals.
3. Revere Health, a healthcare organization, [fell victim to a phishing attack](https://www.thespectrum.com/story/news/2021/08/23/phishing-attack-exposes-information-12-000-patients-st-george/8214230002/) due to a lack of [phishing protection](/email/phishing-protection), exposing the medical records of **around 12,000 patients**.
4. Even [The WHO](https://www.who.int/news/item/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance) was not spared and was targeted by phishing scams due to the absence of **robust email security** and phishing protection measures in place.

These numbers clearly show that a lack of [email security](/) will lead to major vulnerability if the healthcare industry does not take significant protective measures.

## How is The Healthcare Industry Being Attacked?

To understand how to protect healthcare organizations from cyberattacks, _one must first understand how adversaries deploy malicious attacks_.

Most of the attacks unleashed by cyber adversaries are through emails to utilize employees’ lack of adequate [email security awareness](/phishing-awareness-training). These emails sent by the adversary appear to be authentic and trick the employee into downloading malicious files or divulging sensitive credentials. _Malicious files are used to gain access to the victim’s information assets_, thus exposing the network and the data therein to a cyber calamity. The malicious files may include keystroke loggers or adware in addition to ransomware. Credentials provide access to sensitive data about patients, their medical records, and other sensitive data that can be misused. Malicious actors sell this data on the [dark web](https://www.digitaljournal.com/business/health-related-patient-data-emerges-on-the-dark-web/article?%5F%5Fcf%5Fchl%5Fjschl%5Ftk%5F%5F=pmd%5F3LKrc9nWv1OTWtN9AHBnw2v0QqTBsrT9Qj0.iQEwnig-1631102986-0-gqNtZGzNAmWjcnBszQel) for hefty sums of money.

[![phishing protection](https://media.mailhop.org/duocircle/images/2021/09/SPF-record-checker-7123.jpg)](https://media.mailhop.org/duocircle/images/2021/09/SPF-record-checker-7123.jpg)

- Poor email security is a major motivator for attackers. The healthcare industry lacks a robust email security infrastructure that includes [phishing protection](/email/phishing-protection) and **ransomware protection**.

## Why is Adopting Email Security Security Measures Crucial?

This question arises because most healthcare organizations assume that their _[cybersecurity service provider](https://www.cisin.com/industry/cyber-security-services.htm) or MSP will always ensure email security_. However, that is not the case. Even though HIPAA has laid out standards to protect patient’s data, many email service providers do not meet those standards.

[Email security service](/) consists of various dedicated tools and techniques to protect the organization from cyber threats via email. It uses technology to secure access to the email accounts of an organization from incoming threats and outbound email traffic.

An experienced email service provider with **email security** at the core will provide you with at least the following services:

| Spam filtering        | Outbound SMTP              |
| --------------------- | -------------------------- |
| Email hosting         | SPF protection             |
| Email encryption      | MX backup                  |
| Email archiving       | DMARC reporting            |
| Smart quarantine      | DKIM Implementation        |
| Email forwarding      | Phishing protection        |
| Ransomware protection | Tenant to tenant migration |

## What Are The Best Practices to Protect The Healthcare Industry From Security Incidents?

_Cybersecurity is often thought of as a single tool that will solve all cybersecurity-related incidents_. However, the right approach to achieving cybersecurity in an organization is to place multiple protection methods at various layers. Explained below are some crucial steps to protect any healthcare organization from email threats.

### Secure email infrastructure using SPF, DKIM, And DMARC

Healthcare organizations should incorporate [SPF](/resources/what-is-spf), [DKIM](/resources/what-is-dkim), and [DMARC](/resources/what-is-dmarc) in their email security system for [phishing protection](/email/phishing-protection), given the constant email threats. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three _protocols that ensure secure emails by verifying sender identity and authenticating the communications_.

### Deploy AI-based email inbox protection

Organizations can involve MSPs that provide [AI-based tools](/msp-email-security/how-msps-can-leverage-the-latest-technologies-to-improve-their-efficiency/) to learn email patterns and detect any **spear phishing attacks**. It also includes domain fraud visibility and identifies high-risk individuals. If any threats are detected, the organization and its clients receive notifications.

### Secure data using multi-factor authentication

Multi-factor authentication ensures that all organizational accounts require additional layers of authentication to be accessed. It verifies users’ identity based on what they know, who they are, and what they have.

### Maintain regulatory compliances

Regulatory compliances go beyond merely following the law. _It ensures that organizations maintain the privacy of the patients who trust them by securing their data_. Failing to preserve submissions may lead to potential actions against the organizations.

### Educate employees

_Humans are at the core of every industry and even more so for the healthcare industry_. Additionally, humans are at the helm of the cybersecurity aspect of the industry as well. Therefore, they need to be trained and educated about **email security** and the threats posed by suspicious emails. Such [education and awareness](/phishing-awareness-training) will help organizations secure the infrastructure from within.

## Final Words

It is time that the healthcare industry took a patient-centric approach to cybersecurity and focused on protecting patient data. Various regulatory bodies have established protocols to be followed by healthcare organizations, medical centers, and hospitals. These steps are crucial in protecting user data. However, the healthcare industry must allow cybersecurity experts to enhance the healthcare-cybersecurity interface and protect organizations from email security scares.

[![email security](https://media.mailhop.org/duocircle/images/2021/09/spf-record-3698.jpg)](https://media.mailhop.org/duocircle/images/2021/09/spf-record-3698.jpg)

_Collective effort is vital to assess and identify the common threats and work towards eliminating them_. Critical employees are prone to **phishing emails** and other email security threats. Therefore, the need of the hour for healthcare organizations is to invest in next-gen [email security](/) measures to maintain the confidentiality, integrity, and availability of their organization’s information assets.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Email Security 8m  BIMI in 2026: What the Certificate Authority Does, and What Your DMARC Tool Does  May 5, 2026 ](/blog/bimi-2026-what-the-ca-does-what-your-dmarc-tool-does/)[  Email Security 8m  Designing A Custom Dkim Architecture For High-Volume Email Senders  Apr 28, 2026 ](/blog/designing-custom-dkim-architecture-for-high-volume-email-senders/)[  Email Security 12m  DMARC, SPF, and DKIM in 2026: Why Email Authentication Is Now a Regulatory Requirement, Not Just a Best Practice  Apr 29, 2026 ](/blog/dmarc-spf-dkim-2026-email-authentication-regulatory-requirement-best-practice/)[  Email Security 5m  Email Monitoring Tools: A Complete Guide to Protecting Your Email Ecosystem  May 7, 2026 ](/blog/email-monitoring-tools-guide-protecting-your-email-ecosystem-security/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Relevance of Adopting Email Security Measures in The Healthcare Industry Post COVID-19","description":"Today, the healthcare industry faces one of the most daunting tasks of protecting human life in an insecure cyber environment.","url":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/","datePublished":"2021-09-14T15:13:18.000Z","dateModified":"2025-09-04T13:06:15.000Z","dateCreated":"2021-09-14T15:13:18.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/"},"articleSection":"email-security","keywords":"","wordCount":969,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2021/09/buy-smtp-5412.jpg","caption":"Email Security Measures","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Email Security"},{"@type":"ListItem","position":3,"name":"The Relevance of Adopting Email Security Measures in The Healthcare Industry Post COVID-19","item":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Email Security","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"The Relevance of Adopting Email Security Measures in The Healthcare Industry Post COVID-19","item":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Relevance of Adopting Email Security Measures in The Healthcare Industry Post COVID-19","description":"Today, the healthcare industry faces one of the most daunting tasks of protecting human life in an insecure cyber environment.","url":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/","datePublished":"2021-09-14T15:13:18.000Z","dateModified":"2025-09-04T13:06:15.000Z","dateCreated":"2021-09-14T15:13:18.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/the-relevance-of-adopting-email-security-measures-in-the-healthcare-industry-post-covid-19/"},"articleSection":"email-security","keywords":"","wordCount":969,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2021/09/buy-smtp-5412.jpg","caption":"Email Security Measures","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```