Request Information

Request Information

or Call 1.877.459.4347

Email Vulnerability in Healthcare

Email Vulnerability in Healthcare
May 10, 2018 / Evolve IP

Exposing the common vulnerabilities that drive ransomware and make off-site disaster recovery essential

While it should come as no surprise, security and growing regulatory burdens are the top concerns for healthcare CIO’s. Ransomware, denial of service, and data theft attacks are in the headlines every day. The estimated annual cost of ransomware payments in 2016 was over one billion dollars. In fact, the number of ransomware attacks in 2016 was up by more than 4 times.¹ PHI security, data breaches, and data theft remain critical issues. Cybercriminals have learned to follow the path of least resistance. Rather than trying to penetrate network security fortifications, they seek access to systems through the compromise of valid user accounts. Stealing credentials and using them to access a network is easier, less risky, and ultimately more productive than exploiting a perimeter vulnerability.The most common starting point is e-mail attacks, such as phishing. According to Verizon’s 2016 Data Breach Investigations Report:
  • 30% of phishing messages were opened by the target across all campaigns
  • About 12% went on to click the malicious attachment or link and thus enabled the attack to succeed.
Given these numbers, it’s no surprise that emails are the number one contributor to data breaches. In fact, 63% of breaches in the US are the result of a compromised email credential. While no industry is safe, the threat to the healthcare industry is equally astonishing and growing.Based on findings in the Ponemon Institute’s 2016 Study on Privacy and Security in Healthcare, 90% of healthcare organizations have had a data breach in the past two years. The study estimates that the resulting cost of these breaches to the U.S. Healthcare industry alone is $6.2 billion. 
You CAN see in the dark
Historically, organizations have been unable to see the swirling pool of potential email attacks and to detect specific vulnerabilities until it’s too late. Only after a breach do they find malicious code on a laptop or identify the need for user training.  But the battle for corporate email information is taking place in plain sight every day for those that navigate the Dark Web. This is the playground where stolen email credentials – typically including user’s corporate email address and passwords — are being openly shared and sold among the multitude of “customers” in the hacking community.That’s why Evolve IP and ID Agent collaborated on a healthcare industry-specific study of Dark Web email vulnerabilities. We reviewed over 1,000 healthcare—related organizations to determine how prevalent these exploits are and how these vulnerabilities evolveThis paper explains the pervasive nature of email compromises and sheds light on the quantity, variety, sources, and consistent growth of these threats.The study results are eye-opening. Overall, 68% of all analyzed covered entities and their business associates have employees with visibly compromised accounts — 76% of which include actionable password information. 
The bottom line: Be prepared
The survey findings illustrate the need for 100% reliable and responsive business continuity solutions and rapid-response disaster recovery.  How your reactive protection is set up makes the difference between a minor glitch and a major catastrophe. 

What do the results mean?

The potential for monetary loss is significant

• Healthcare firms are under attack — new data published to the Dark Web every day provides a window into the volume of new email and passwords that criminals have accessed.

Controlling human behavior is the underlying challenge

• There is a constant need to monitor for vulnerabilities and train personnel regarding email best practices.

The need for data backups and disaster recovery is clear

• Ransomware is a billion dollar program and growing.

• Gaps in security have allowed phishing attacks to become more effective.

• As the volume and quality of data elevate, malicious efforts are experiencing increased success.

Overall, 68% of all analyzed covered entities and their business associates have employees with visibly compromised accounts— 76% of which include actionable password information. 

Survey Methodology

The Deep Web is a portion of the Internet that is hidden from conventional search engines and the general public. Search engines like Google, BING and Yahoo only search the surface web, also known as the World Wide Web (www).  It’s estimated that the Deep Web is 400 to 550 times larger than the surface web and it is generally used by organizations such as universities to archive research and things of that nature.Within the Deep Web there is a portion called the Dark Web. These are enclaves, sites, and forums within the Deep Web where users can operate anonymously to avoid law detection. This is the part of the web that ID Agent analyzed for the benchmark survey. Using ID Agent’s proprietary Dark Web ID analysis technology, ID Agent and Evolve IP analyzed 1,000 healthcare companies representing a variety of business types and sizes. The industry segments targeted included both HIPAA covered entities as well as many business associates who provide services to the covered entities.Segments Studied  
How do criminals use stolen credentials?
There is a fairly common exploit lifecycle:
  1. Gain access to data from emails that have been exploited via phishing, malware, data breach, social engineering, or some other form of attack
  2. Use the data obtained to study the targeted corporations or individuals
  3. Eventually, gain system access
  4. Establish a foothold
  5. Gain more privileges
  6. Move laterally throughout the organization and through the supply chain to extract data or control system access
Vulnerability Statistics
On average, more than 68% of the firms reviewed have compromised email credentials visible and available on the Dark Web.  The numbers range from 55.6% to 80.4% depending on industry segment.  The results show it is incredibly common for compromised email and password combinations to be out on the Dark Web.  Even organizations with one compromise still face huge risks and the risk is proportional to company size. One organization in the study had over 300 compromised credentials.  Even if the password has been changed, password patterns and human tendencies make brute force attacks and social engineering significantly easier with this information.
Comprimise Percent by Healthcare Industry Segement
Passwords are easy to steal
76% of the stolen email records we reviewed on the Dark Web had an associated password.  Of this 76%, 23% had fully visible text passwords.  In many cases, these passwords are outdated, but that does not limit their value. More than three-quarters of people use the same or similar passwords across all of their online activities. By understanding the types of changes people make to their passwords over time, hackers can create a user profile and determine a person’s new password fairly accurately by using simple guessing or sophisticated automated algorithms.Percent of Stolen Credentials that Include Passwords The remaining 77% were cryptographically hashed passwords. Simply hashing the password does not meet today’s needs for security.  Hackers can easily use a variety of methods (many of which are available online) to crack hashes, including dictionary attacks, brute force attacks, lookup tables, reverse lookup tables and rainbow tables.This is why strong, unique passwords are paramount for each account and why passwords should change over time. 
What type of compromise exposed the user credentials?
The study aimed to dig deeper than just how many names were compromised per organization.  ID Agent’s analysis evaluated where the data originated and from where it was stolen. There are numerous points of attack, each raising a unique degree of concern. The majority of the data (55%) is the result of known data breaches where user credentials were stolen in bulk (often in widely publicized events) and then published by the perpetrators. However, the most concerning finding is the relatively small segment of email credentials (6%) directly related to phishing or keylogging attacks. While the percentage is in single digits, keep in mind that this represents over 450 individual incidents where companies in our study had exposures, any one of which could lead to ransomware, denial of service attacks, or PHI breaches. How are email credentials being stolen? 

Evolve IP’s comprehensive security approach

Email vulnerability is a significant contributor to the tremendous range of threat vectors that are confronting healthcare organizations. The rest of this paper will look at security best practices that help organizations avoid costly email-related breaches and also help establish a systematic and structured security posture that is consistent with world-class enterprises.The goals can be boiled down into three basic categories that every organization should embrace:

1. Proactive Threat Intelligence 2. Continuous Security Management 3. Rapid Incident Response and Recovery

1. Proactive Threat Intelligence
The objective is to identify and control—not just to observe—the technical threats and vulnerabilities by understanding and limiting the volume of viable environmental threats.The ability to see vulnerabilities is critical for identifying hidden Dark Web threats before criminals exploit them.  ID Agent provides this visibility on a regular basis and allows real-time response to urgent keylogging and phishing related compromises. With ID Agent’s information, you can understand when malware removal,  forced password changes,  or training of employees may be required.  This data also allows firms to understand user activity and behavior over time which helps compliance teams see whether their efforts are making an impact. Are you seeing fewer credentials on the Dark Web? Is there rapid growth in activity? Proactive vulnerability reports highlight the answers.This type of monitoring enables preemptive threat resolution and cuts off threats at the pass by:
  • Enabling immediate response to keylogging or phishing compromises that may be actively bypassing your security barriers
  • Providing alerts and ongoing monitoring of corporate emails and IP addresses that are being traded by hackers
  • Identifying individual instances of email policy violations as well as general user training issues
2. Continuous Security Management
The challenge of infrastructure security is driven by the rapid pace in which the definition of “security” changes.  The nature of attacks and the creativity of attackers evolves on a daily basis. The ability to identify and block these threats becomes critical and overwhelming. That’s why day to day, real-time security analysis, and infrastructure management is the second type of protection that organizations must master. Evolve IP’s approach is designed to quickly incorporate:
  • New security standards and regulations
  • Changes to existing authoritative sources
  • Information about recent data breaches
  • Industry feedback, best practices, and lessons learned
These characteristics and capabilities are consistent with a solid security foundation.  However, while establishing such an environment empowers healthcare organizations to stay ahead of many emerging threat vectors, there is no known way to eliminate the potential of an attack. 
3. Rapid Incident Response and Recovery
In healthcare, both money and lives are on the line. Losing system or file availability (for instance in the event of a ransomware attack), or getting shut down by a DDoS attack can have serious, immediate, and negative implications. The best practice for ensuring ransomware protection and business continuity is to proactively create multiple, secure, and physically separate copies of all servers, applications, and data.  This approach allows rapid restoration of your business operations in the event that your systems are compromised by an attack. The FBI agrees, as illustrated by this excerpt from a recent blog post on their website:Organizations, in particular, should focus on prevention efforts — both awareness training and robust technical prevention controls — and solid business continuity planning. As part of that plan, you should:
  1. Back up data regularly and verify the integrity of those backups regularly.
  2. Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
By following this advice, and arming your organization with the right backups, you can prevent the attackers from taking away access to your systems. 

Why choose Evolve IP?

The key to maintaining control is to fortify your critical infrastructure and data with regular, isolated, and recoverable backups. Many organizations are unaware that with Evolve IP’s technology, preparation, and expertise, almost any production environment can be restored and operational within four hours. With a range of business restoration options, Evolve IP puts you in control — not the attacker.Recovery Time by Backup StrategyThe proper preparation to create this capability includes:
  • Creating a reliable backup process. Create rapid, frequent system backups in a secure, offsite location.
  • Ensuring data recoverability. Backups can also be infected by the malware virus if not detected immediately after infection.
  • Confirming data availability. Ask yourself “how quickly can we access and use the backup that we created?”
Evolve IP makes rapid, frequent backups of your systems, and then moves them securely offsite to an isolated location. Depending on your existing infrastructure, simple backups can be established in a matter of hours, with your data securely maintained in an isolated, private, HIPAA-compliant environment.  With Managed Disaster Recovery as a Service (DRaaS), Evolve IP’s team stands ready to recover any compromised customer data with a 4-hour or less guaranteed service level.


The benchmark study revealed the alarming depth and breadth of an underlying and growing security threat to healthcare organizations. However, most organizations do not have the time or the resources to stay properly protected. Another solution is needed, and there is a fairly simple one.Increasingly, healthcare providers are recognizing the value of cloud-based technologies and managed services. This kind of cloud, that is strengthened by in-depth security policies and procedures and designed to meet the rigorous HITRUST CSF certification standard, goes beyond subjective standards such as SOC II and provides firms with an absolute definition of what it means to have great security. This robust hosting backbone is then combined with actively managed security services that can rapidly respond to daily monitoring requirements, security updates, emerging threats, and compliance changes. This unique combination of technology and service liberates organizations to allocate their IT energies towards key growth and business development strategies.
About ID Agent/Dark Web ID
ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents.From monitoring your organization’s domain for compromised credentials to deploying identity and credit management programs in order to protect your employees and the customers you serve – we have you covered.The largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data to make informed decisions.Dark Web ID combines human intelligence with sophisticated Dark Web intelligence and search capabilities to identify, analyze and proactively monitor your organization’s compromised or stolen employee and customer data.  Categories: Healthcare
Recommended For You
The Evolve IP Compliance CloudTM

Compliance is a way to do business … not an afterthought when clients need it.

At Evolve IP we have a dedicated compliance and security practice and work with two of the world’s top 3rd-party compliance auditors, Grant Thornton and Ernst & Young, to enable customers to extend their compliance to our fully audited cloud. This focus allows us to deliver the documentation and assurances that other’s simply cannot including HIPAA / HITRUST, PCI-DSS (all 12 sections), SOC 2/3 and more. The Compliance CloudTM includes true client isolation, encryption in transit and at rest, private VLANs, firewalls and dozens of other security measures.

What Our Clients Say
  • "Yesterday was, perhaps, my busiest day of client interaction either by phone or email since I have been a PM, and I don’t think any of my clients knew I was working from home unless I told them. I was also able to do trades behind the scene and interact with my team. So, for me, the technology has been working great. As an old guy, I am constantly dazzled by technology in general, but being able to do this stuff from home is amazing!"

    James C. Hunter, CFA, CFP, AIF, Senior Portfolio Manager, Principal

  • "Hey, IT people, As I’m working away in my home office, I just wanted to say thanks to you for all you’re doing, and have done in the past, to make it possible for us to run our company virtually. Not many of us JICers have jobs that everyone in the firm sees and could stop us from doing business. But you have this job, and do it well. Thank you for having the foresight and wisdom to get us in a position to succeed in a pandemic! You’re awesome."

    Michael D. Barnes, Esq., CTFA President, Principal

  • “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    - Ken Schultz, CIO Ogletree Deakins

    Watch Testimonial

  • "The people that Evolve IP are more personable; you don't feel like there's necessarily a script when you're talking with them, they’re easy to understand, quick to get a hold of, and they follow through on what they say they're going to do."

    Watch Testimonial

  • "Evolve IP has been a vendor partner that has grown with us, that has helped us, and that you know stands by us and stands by their word."

    Watch Testimonial

What the Experts Think

Our analyst-acclaimed solutions are built on a world-class, compliant architecture that leverages the blue-chip technologies organizations already know and trust.


We deploy best-of-breed solutions including: Disaster Recovery, Contact Center, Unified Communications, DaaS, IaaS. Our services are analyst-acclaimed, vendor-validated, client recommended and award-winning.


Evolve IP is proud to have achieved the honor of being HITRUST CSF certified! Certification to the HITRUST Common Security Framework (CSF) affirms that all of Evolve IP’s cloud computing and cloud communications services adhere to the strictest security standards for electronic protected health information (PHI). The HITRUST security standard was developed by and for the healthcare industry as a means of going above and beyond the compliance requirements of HIPAA.

The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. The HITRUST CSF was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. An important part of the “What is HITRUST” answer is understanding that the CSF is risk-based and compliance-based so that organizations can tailor the security control baselines and vendor management programs that they follow based on their specific organization type, size, systems, and regulatory requirements.


The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.

The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls.

SSAW 16 Service Organization Control II (SOC 2)

Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.


While Forbes regularly features coverage and recognition about Evolve IP, they've most recently recognized Evolve IP as being the "Best Cloud Computing Companies And CEOs To Work For In 2017".  They've ranked Evolve IP in the Top 3 just behind Google and Microsoft in the Cloud Infrastructure classification.  (Feb 2017). Forbes  also recently recognizes Evolve IP for bringing Singer Equipment Corporation, a mainstream business based in PA, into the cloud by means of unified communication. (Sept  2017). Last year, Forbes recognized Evolve IP's survey of 1,080 executives citing that the number one reason to go to the cloud is the same reason that it is avoided. (Mar 2016).

Unified Communications Product of the Year

TMC and Internet Telephony Magazine have named Evolve IP’s unified communications platform as a 2017 Unified Communications Product of the Year Award winner. This marks the 6th time Evolve IP has been honored with this prestigious award and follows a series of product innovations that have allowed the company to rapidly expand its international coverage.

Evolve IP’s business collaboration tools and IP phone system dramatically improve employee productivity in the office and on the road with a Unified Communications as a Service (UCaaS) platform that fully integrates voice, video, instant messaging & presence (IM&P), desktop sharing, audio/web conferencing and more. The company also provides a sophisticated Web-based management portal, OSSmosis®, that allows administrators to easily configure system functions and quickly modify users without the need to reach out to a third party for changes.


Inc. magazine has recognized Evolve IP in the 34th annual Inc. 500|5000, an exclusive listing of the nation's fastest-growing private companies. The list will be unveiled in the September issue of Inc.

The story of this year's Inc. 5000 is the story of great leadership. In an incredibly competitive business landscape, it takes something extraordinary to take your company to the top," says Inc. President and Editor-In-Chief Eric Schurenberg. "You have to remember that the average company on the Inc. 5000 grew nearly six-fold since 2012. Business owners don't achieve that kind of success by accident.

Payment Card Industry Data Security Standard (PCI DSS)

Evolve IP has achieved Payment Card Industry (PCI) Data Security Standard (DSS) compliance covering all 12 sections of the PCI DSS. The PCI data security standard is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.


Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.

Deloitte’s Technology Fast 500TM

Evolve IP has been ranked for the second consecutive year on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America – both public and private. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015. The list is a veritable Who’s Who of technology that has included tech companies like Google, VMware and Facebook.

Technology Fast 500 provides a ranking of the fastest growing technology, life sciences, and energy the companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth during the period from 2012 – 2016.

Red Herring

Red Herring has named Evolve IP as one of the Top 100 Companies in North America.  Red Herring’s Top 100 recognizes the leading and most promising private companies from around the world. Among the over 20 criteria used to analyze companies for the award, Evolve IP was noted for its financial performance, technological innovation, customer footprint, the DNA of its founders and addressable market.

Red Herring selects the award winners for North America from approximately 1,200 privately financed companies each year in the US and Canada. Since 1996, Red Herring has kept tabs on these organizations and its editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype,, YouTube, Palo Alto Networks and eBay would change the way we live and work.


Evolve IP has been recognized as one of the “Best Entrepreneurial Companies in America” in Entrepreneur magazine’s Entrepreneur360™ Performance Index, a study involving a comprehensive analysis of private companies in America. Based on this study forged by Entrepreneur, Evolve IP is recognized as a company that exemplifies growth, not just in top and bottom line, but in sustainability and the ability to achieve lasting success.

According to Entrepreneur, after evaluating approximately 10,000 U.S. based firms, the team of editors and researchers behind the E360 Performance Index collected more than 250 pieces of data from the finalists, focusing on growth drivers and challenges, goal setting, resource allocations, and reward systems. The analysis uncovered a class of leading companies, including Evolve IP, whose continued success is largely based on superior value creation for their customers, building an adaptive learning culture, and aggressive geographic expansion—placing them amongst the most dynamic firms in America today.

Latest Press Releases

Evolve IP Enhances Its Microsoft Teams and Cisco Voice Direct Routing Platform
September 22, 2020 / Evolve IP
Evolve IP announced that it has integrated SMS business messaging and voice recording with AI speech analytics into its Microsoft Teams direct routing platform.
Evolve IP Integrates Business Messaging Into Microsoft Teams; Enhances Microsoft’s Direct Routing Solution
September 17, 2020 / Evolve IP
Evolve IP® announced that it has launched a fully-integrated SMS / business messaging platform for its Microsoft Teams Direct Routing solution.
Evolve IP® Named For Eighth Time to the Inc. 5000 List of Fastest-Growing Private Companies
August 12, 2020 / Evolve IP
Evolve IP®, the world's leading provider of Work Anywhere™ solutions, today announced that it has been named to the Inc. 5000 for the 8th time since 2012.
Evolve IP Delivers World’s Only Omnichannel Contact Center Integrated with Microsoft Teams and Virtual Workspaces
August 5, 2020 / Evolve IP
Evolve IP®, the world's leading provider of Work Anywhere™ solutions; today announced that it has integrated the omnichannel Evolve Contact Suite with Microsoft Teams and the company's virtual Workspaces...
View More

Contact Us

or Call 1.877.459.4347