UAE and South African Hospitals Fail on DMARC Implementation

Only a quarter of hospitals have implemented the strongest level of DMARC, with a third running any version of the email validation protocol.

Around three-quarters of hospitals in the United Arab Emirates and South Africa have not adopted the strongest form of the Domain-based Message Authentication, Reporting and Conformance (DMARC) email validation protocol.
According to a
DMARC analysis
by Proofpoint, 28% of hospitals in those regions have implemented the strictest and recommended level of DMARC protection to reject.
There are three levels of protection
: monitor, quarantine, and reject, with
reject
being the most secure for preventing suspicious emails from reaching the inbox.
Only 69% of UAE hospitals have published a basic DMARC record, meaning 31% are taking no steps to protect users from potential email fraud.
Emile Abou Saleh, regional director for Middle East and Africa at Proofpoint, said that with the
healthcare industry rapidly becoming a target for cybercriminals
due to the sensitive patient data these institutions hold, and healthcare organizations being
high-value targets for ransomware attacks
, a broader security strategy will be crucial to secure the future of the healthcare sector in the UAE and South Africa, which has been identified as a priority area under the respective national agendas of both countries.
Ryan Witt, healthcare cybersecurity leader at Proofpoint, says that DMARC adoption remains around 25% for the healthcare industry for several reasons:
Complexity:
DMARC implementation can be complex, especially in medium to large health systems. It requires coordination among multiple departments, careful configuration of email servers, and ongoing monitoring and management.
Resource limitations:
Implementing DMARC effectively often requires dedicated cybersecurity resources at a time when staffing challenges plague the industry, especially for IT and infosec personnel.
COVID:
The healthcare industry was particularly challenged by COVID, and it took a tremendous amount of resources to pivot from the office to a work-from-anywhere environment. This occurred at a time when healthcare was under acute challenges for providing patient care, elective surgeries (the most profitable form of patient care) were significantly interrupted, and resources were, in certain instances, needed to establish makeshift/overflow care facilities.
Healthcare has made significant strides in better protecting the industry, in part because hospital executives increasingly see cybersecurity as a core component of patient care, Witt says. In other words, there have been many examples of where a cyber event has directly impacted patient care — delayed procedures, patient records not being available, increased complications for treatment, patient having to be moved to a different care facility, etc. — and hospital executives better appreciate that more investment is needed to secure their health systems.
Witt says there are options to better assist healthcare organizations, such as the
Health Information Sharing and Analysis Center
(H-ISAC), which has encouraged the healthcare industry to adopt DMARC as a fundamental security control for many years.
In addition, he says, the US Department of Health and Human Services, through its
405d program
, has provided a
best-practices document
for cybersecurity preparedness that covers the importance of DMARC when safeguarding against cyberattacks in healthcare.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
UAE and South African Hospitals Fail on DMARC Implementation