Healthcare industry 'behind by a country mile' in email security

The healthcare industry lags behind almost all others when it comes to privacy and security practices--and that holds true when it comes to email communication as well, according to a report from Agari.

The email security company, in a recent survey, found that health insurance companies had the lowest "TrustScore" when it comes to keeping online communication secure. An email from a healthcare company is "four times more likely to be fraudulent than an email purportedly from a social-media company like Facebook," according to the report.

In addition, the survey's authors say that about 30 percent of healthcare companies had a trust score of 0.

"The poor folks in healthcare have traditionally not had much digital interaction," Patrick Peterson, Agari founder and CEO, tells Fortune this week. They're the ones furthest behind by a country mile."

This is damaging news for the industry--especially in the wake of the biggest security breach it has yet seen. Information of about 80 million former and current customers of health insurance company Anthem was compromised in a hack announced early this month. And to that end, Agari's Peterson tells Fortune that in the survey, "Anthem, quite unsurprisingly, did very poorly."

In addition, many security professionals in the United States say they feel ill-prepared to defend against cybersecurity attacks, according to new research conducted by The Ponemon Institute and sponsored by Lockheed Martin.

However, one healthcare organization is showing promise in its security efforts, according to Agari. Aetna earned a TrustScore of 100 in the third quarter of 2014 and stayed there through quarter four, according to the survey. Aetna's trusted email program recently was recognized by CSO as one of 50 groundbreaking safety and security efforts.

Cybersecurity problems are gaining more attention as attacks on industries increase. Late last month, President Barack Obama touted cybersecurity as one of his top priorities in his State of the Union address. While the president's cybersecurity plan is not specific to the health industry, it has won the endorsement of HITRUST and calls for increased sharing of information on cyberthreats from the private sector with protection from liability.

To learn more:
- here's the Agari report (.pdf)
- read the Fortune article