Phishing email drives the majority of successful cyberattacks against home health agencies. That is not because email is uniquely vulnerable, but because the home health operational environment creates ideal conditions for phishing: high email volume, urgent-seeming legitimate communications, staff context-switching between clinical and administrative tasks, and personal devices where security training is harder to reinforce.
Why Built-In Filters Are Not Enough
Microsoft 365 and Google Workspace include basic spam filtering and malware scanning. These catch known, obvious threats. They do not reliably catch:
- Business Email Compromise (BEC) — emails from legitimate-appearing accounts requesting payment direction changes. No malicious links or attachments. Passes all basic filters.
- Domain impersonation — emails from newly registered lookalike domains. Basic filters do not perform domain similarity analysis or registration-age checks.
- Zero-day malicious links — URLs registered within hours of the campaign launch, not yet in reputation databases.
- Contextual phishing — emails referencing your real patient names, billing reference numbers, or physician contacts harvested from prior reconnaissance. These pass basic filters because the content is specific and credible.
Layer 1: Email Authentication — DMARC, DKIM, and SPF
- SPF — publishes in DNS which hosts are authorized to send mail using your domain in the envelope sender (MAIL FROM). Without it, anyone can send mail that claims to come from your domain to patients and referral partners. SPF by itself does not check the From header the recipient actually sees, which is why DMARC alignment matters.
- DKIM — adds a cryptographic signature over selected headers and the body of outbound email, verified by the receiver against a public key published in your DNS. A valid signature proves the message was signed by your domain and was not altered in transit.
- DMARC — ties SPF and DKIM together: a message passes only if SPF or DKIM passes for a domain aligned with the visible From domain, and the published policy tells receiving servers what to do otherwise. At "reject" policy, receivers that enforce DMARC will not deliver messages that spoof your exact domain. DMARC does nothing against lookalike domains, and the policy should move from p=none to p=reject only after the aggregate reports show every legitimate sender passing.
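The following is an added example, not code from the original article or its vendor: it shows the three DNS records side by side and how a receiving server combines SPF and DKIM results under the published DMARC policy, including relaxed versus strict alignment. The domain, record contents and the simplified organizational-domain rule are constructed for illustration (a real verifier uses the Public Suffix List and the sp tag for subdomains).

```python
"""Added example: DMARC policy evaluation on constructed SPF/DKIM/DMARC records."""

# Constructed DNS records for a fictional agency domain.
DNS = {
    # SPF: only this host plus Google Workspace may use the domain in MAIL FROM
    "example-homehealth.org": "v=spf1 ip4:203.0.113.10 include:_spf.google.com -all",
    # DKIM public key for selector "sel1" (key body truncated for the example)
    "sel1._domainkey.example-homehealth.org": "v=DKIM1; k=rsa; p=MIIBIjANBgkq...",
    # DMARC: reject unaligned mail, relaxed alignment, send aggregate reports here
    "_dmarc.example-homehealth.org": (
        "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example-homehealth.org"
    ),
}


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a tag/value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    # Simplification: the last two labels. Real code uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment accepts the same organizational domain;
    strict ('s') requires an exact match with the From domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def dmarc_disposition(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain, dns=DNS):
    """Return 'pass', or the policy action ('none', 'quarantine', 'reject').

    spf_domain is the MAIL FROM domain SPF was evaluated for; dkim_domain is
    the d= tag of the verified signature. Either may belong to an attacker's
    own infrastructure and still pass, which is exactly what alignment catches.
    """
    record = dns.get(f"_dmarc.{from_domain}") or dns.get(f"_dmarc.{org_domain(from_domain)}")
    if not record:
        return "none"  # no policy published: the receiver is on its own
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")


if __name__ == "__main__":
    # Attacker sends from their own server: SPF passes for attacker-mail.example,
    # but the From header says example-homehealth.org, so alignment fails.
    print(dmarc_disposition("example-homehealth.org", True, "attacker-mail.example", False, ""))
```

The second case in the block is the one that matters for BEC: the attacker's SPF and DKIM can both be perfectly valid for the attacker's own domain, and only the alignment requirement turns that into a reject. Note also what the lookalike case returns: a domain with no DMARC record gets "none", which is why domain similarity analysis is a separate layer.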
Layer 2: Advanced Anti-Phishing and Anti-Impersonation
- Anti-impersonation protection — detects emails impersonating your executives, billing managers, or trusted external parties even when the email passes basic authentication
- Safe Links — rewrites URLs so each click routes through a real-time security proxy; the destination is checked at click time, not only at delivery, because attackers often arm the landing page only after the message has been delivered
- Safe Attachments — detonates email attachments in a sandbox before delivery; malware executes in isolation before reaching the user
- Domain similarity analysis — flags emails from recently registered domains that resemble your trusted senders
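As an added example (not the article's or any vendor's code) of the domain similarity analysis described above, the block below classifies a sender domain against a constructed list of trusted domains. It catches homoglyph substitutions (digit-for-letter and Cyrillic-for-Latin), single-character edits, TLD swaps, and the trick of burying a trusted name inside an attacker-controlled domain. The trusted list, sample domains and confusable table are constructed; registration-age checks need a network lookup and are out of scope here.

```python
"""Added example: lookalike sender-domain detection against a trusted list."""

# Constructed allowlist of domains the agency legitimately corresponds with.
TRUSTED = {"example-homehealth.org", "ehrvendor.example"}

# Characters attackers swap for visually similar ones. Multi-character
# confusables come first so "rn" becomes "m" before "r" or "n" are touched.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
    # Cyrillic letters that render like Latin ones in most fonts
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"),
    ("\u0441", "c"), ("\u0445", "x"), ("\u0443", "y"), ("\u0456", "i"),
]


def normalize(domain):
    """Map confusable characters to their Latin lookalike target."""
    s = domain.lower().rstrip(".")
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def org_domain(domain):
    # Simplification: the last two labels. Production code uses the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(domain, trusted=TRUSTED, max_distance=1):
    """Return (verdict, trusted domain it resembles or None)."""
    d = domain.lower().rstrip(".")
    for t in trusted:
        if d == t or d.endswith("." + t):
            return ("trusted", t)          # exact or a genuine subdomain
    for t in trusted:
        if "." + t + "." in "." + d + ".":
            return ("embedded-trusted", t)  # example-homehealth.org.evil.example
    cand = org_domain(d)
    for t in trusted:
        if normalize(cand) == normalize(t) and cand != t:
            return ("homoglyph", t)         # examp1e-homehealth.org
        if cand.split(".")[0] == t.split(".")[0]:
            return ("tld-swap", t)          # example-homehealth.co
        if levenshtein(normalize(cand), normalize(t)) <= max_distance:
            return ("lookalike", t)         # exampl-homehealth.org
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("mail.example-homehealth.org", "examp1e-homehealth.org",
                   "example-homehealth.org.evil.example", "unrelated.example"):
        print(sample, "->", classify_sender(sample))
```

In a mail flow rule, anything other than "trusted" or "unknown" is the signal to add a warning banner or quarantine; "unknown" is simply a domain you have no relationship with and belongs to the normal reputation path.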
Layer 3: Outbound Email Security and DLP
- Data Loss Prevention (DLP) — scans outbound email for ePHI identifiers (for example Social Security numbers, Medicare Beneficiary Identifiers, medical record numbers) and blocks messages that would send ePHI unencrypted to unauthorized recipients
- Email encryption — automatically encrypts outbound email containing ePHI, supporting HIPAA's transmission security safeguard (encryption in transit)
- DMARC reporting — collects the aggregate (rua) reports that receiving mail servers send for your domain, showing which sources send as your domain, which of them fail authentication, and whether an active spoofing campaign is targeting it
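The block below is an added example, not the article's product or its configuration: an outbound DLP decision for the first two items above. It scans a message for ePHI identifiers and returns one of allow, allow-internal, encrypt, or block, depending on whether the recipients are internal, on a partner list with an encrypted delivery path, or neither. The agency domain, partner list, sample message, and the MRN pattern are constructed; the SSN and MBI formats follow the published layouts, and a real deployment would add names, dates of birth and the agency's own identifiers.

```python
"""Added example: outbound ePHI detection and gateway decision."""
import re

OWN_DOMAIN = "example-homehealth.org"
# Constructed: partner domains reached through an enforced encrypted channel
ENCRYPTED_PARTNERS = {"ehrvendor.example", "payer.example"}

# SSN: excludes area 000/666/9xx, group 00 and serial 0000, which are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Medicare Beneficiary Identifier: 11 characters in the CMS layout
# C A AN N A AN N A A N N, where A is a letter other than S, L, O, I, B, Z,
# AN is such a letter or a digit, and the display form has dashes after
# positions 4 and 7 (e.g. 1EG4-TE5-MK73).
_A = "[AC-HJKMNP-RT-Y]"
_AN = "[AC-HJKMNP-RT-Y0-9]"
MBI_RE = re.compile(
    r"\b[1-9]" + _A + _AN + r"\d-?" + _A + _AN + r"\d-?" + _A + _A + r"\d\d\b"
)

# Hypothetical agency medical record number format, assumed for this example only.
MRN_RE = re.compile(r"\bMRN[:#]?\s*\d{6,8}\b")

PATTERNS = [("ssn", SSN_RE), ("mbi", MBI_RE), ("mrn", MRN_RE)]


def find_phi(text):
    """Return (identifier type, matched text) for every ePHI pattern found."""
    return [(name, m.group()) for name, rx in PATTERNS for m in rx.finditer(text)]


def dlp_decision(recipients, subject, body, already_encrypted=False):
    """Decide how the gateway should handle an outbound message.

    allow           no ePHI found, or the message is already encrypted end to end
    allow-internal  ePHI found but every recipient is inside the agency
    encrypt         ePHI to external partners that all have an encrypted path
    block           ePHI to at least one external recipient with no encrypted path
    """
    hits = find_phi(subject + "\n" + body)
    if not hits or already_encrypted:
        return ("allow", hits)
    external = {r.rsplit("@", 1)[-1].lower() for r in recipients}
    external.discard(OWN_DOMAIN)
    if not external:
        return ("allow-internal", hits)
    if external <= ENCRYPTED_PARTNERS:
        return ("encrypt", hits)
    return ("block", hits)


if __name__ == "__main__":
    # Constructed outbound message from a billing clerk to a payer and a family member.
    note = "Claim for MBI 1EG4-TE5-MK73, SSN 123-45-6789, MRN: 0045821"
    print(dlp_decision(["claims@payer.example", "family@mail.example"], "Claim", note))
```

The block-versus-encrypt split is the point: forcing encryption to a partner that can receive it keeps care coordination moving, while the same message to an unknown mailbox is stopped before it leaves.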
Layer 4: Role-Specific Phishing Simulation Training
Technical controls stop detectable threats. Contextually sophisticated phishing — impersonating your Medicare contractor with your real billing reference numbers — requires trained human judgment. Quarterly role-specific simulations targeting billing-focused BEC and EHR-vendor impersonation build the behavioral reflexes that are the last line of defense for the threats that bypass technology. ShieldForce deploys and manages the complete layered email security stack — DMARC/DKIM/SPF, advanced anti-phishing, DLP, and quarterly phishing simulation training — in every managed security engagement.
Ready to protect your home health agency? The first step takes 30 minutes and costs nothing. ShieldForce delivers purpose-built managed cybersecurity for healthcare — 24/7 SOC monitoring, behavioral EDR, advanced layered email security, immutable backup with tested restoration, MFA enforcement, and complete HIPAA documentation — starting at $35/user/month. BAA signed on day one. Fully deployed in 72 hours. No IT staff required.
→ Schedule Your Free HIPAA Risk Assessment

