Dubai, United Arab Emirates: Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research identifying that 72% of the top hospitals in the UAE and KSA are lagging behind on basic cybersecurity measures, subjecting citizens to a higher risk of email fraud. 

These findings are based on a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of the top hospitals in the UAE and KSA. DMARC[1] is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection monitor, quarantine and reject,[2] with reject being the most secure for preventing suspicious emails from reaching the inbox.   

The analysis revealed that only 28% of UAE and KSA hospitals have implemented the strictest and recommended level of DMARC protection (‘reject’). This means that 72% are not proactively blocking fraudulent emails from reaching users. Furthermore, only 69% of UAE hospitals have published a basic DMARC record, meaning 31% are taking no steps to protect users from potential email fraud. 

Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint, said, “The healthcare industry is rapidly becoming a target for cybercriminals due to the sensitive patient data these institutions hold. In addition, from an attacker’s perspective, healthcare organizations are high value targets for ransomware attacks as they would have great motivation to pay up to restore systems quickly.”

He added, “A broader security strategy will be crucial to secure the future of the healthcare sector in the UAE and KSA, which has been identified as a priority area under the respective national agendas of both countries. The healthcare industry must pursue a security strategy that focuses on people, because threat actors will continue to convince victims to click malicious links, download unsafe files, install malware, and disclose sensitive information. Moreover, their security strategy will have to adapt to new business models to protect health information wherever it is stored – whether within the hospital or beyond.”

Methodology: This analysis was conducted in June 2023, using the World’s Best Hospitals listings for UAE and Saudi Arabia. 

About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Leading organizations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube 

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Samreen Iqbal
BPG Group