Skip to main content
CISA Recommends DMARC for Healthcare Organizations

CISA Recommends DMARC for Healthcare Organizations

Ecosystem NewsEmail Security Insights

As phishing continues to be the top attack method for cyber criminals to infiltrate the networks of healthcare organizations to steal medical data, personal identifiable information and deploy ransomware, the Cybersecurity and Infrastructure Security Agency (CISA) has published a DMARC fact sheet relative to healthcare organizations.

DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or Domain Keys Identified Message (DKIM), both of which are industry-recognized email authentication techniques.


A recent study illustrates how prone healthcare organizations are to phishing. Researchers studied email practices in healthcare and discovered that one in seven phishing emails were opened by employees. Those odds point to the need for a multifaceted approach to email security, including employee training and utilizing email authentication best practices.

dmarcian is here to help people understand DMARC and the email security it provides. Check out our platform with no obligation and get assistance from our DMARC Management Platform and expert team.

Want to continue the conversation? Head over to the dmarcian Forum.