
David Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud

 

I’m pleased to announce a user group dedicated to the healthcare industry on Mimecaster Central!

 

The healthcare industry faces many unique challenges – from protecting sensitive patient data to complying with strict regulations – often without the financial and personnel resources available in other industries.

 

This user group here in the community is a place for healthcare professionals to get data, news stories, information and more that impact cyber resilience for email. It’s also a place to see what your peers in the industry are talking about and a chance to network with other Mimecast customers.

 

I encourage you to join today and take part in the conversation!

David Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud collaboration.

 

Mimecast is pleased to announce new data loss prevention (DLP) capabilities to help US healthcare organizations meet HIPAA guidelines.

 

The Mimecast US Healthcare Pack is managed DLP content to scan, identify, and take action on emails containing protected health information (PHI). Let’s look more in depth at the US Healthcare Pack and how it can help your organization:

 

  • Requires a customer to use Mimecast for gateway services. This includes any of the M, S or D product bundles, as well as legacy UEM products.
  • Managed DLP content is available out-of-the-box and can be enabled for all email addresses quickly and easily. If necessary, the managed content can be extended with additional policies to address organizational-specific requirements.
  • To identify PHI, Mimecast will scan attachments and the email body for the presence of:
    • Names
    • Social security numbers
    • ICD-10 codes
    • FDA drug names
    • Driver’s license numbers
    • Claim numbers
    • ...and more
  • Mimecast will update the managed DLP content to remain current with underlying sources. Some sources will be updated on a weekly basis, while others less frequently. Importantly, as a cloud service, these updates are available immediately to the organization, without administrative actions.

 

If PHI is found in email, there are a number of actions that the organization can take. Administrators can:

 

  • Reject the message
  • Encrypt (this can be done with TLS or be used in tandem with Mimecast Secure Messaging)
  • Hold the message for review
  • Convert the file
  • Remove emails with PHI content from internal mailboxes (if the organization uses Mimecast Internal Email Protect and the US Healthcare Pack)

 

According to the 2017 Verizon Data Breach Report, healthcare is the second most breached industry behind financial services. A big difference is that in healthcare, employees are the predominant reason for a breach. Unfortunately, with highly sensitive PHI data, any employee mistake can have far-reaching consequences. For example, a busy, well-intentioned staff member can carelessly attach a file with PHI to an email.

 

While less frequent, malicious employees with access to PHI have emailed thousands of patient records to a personal email address. In both cases, the Mimecast US Healthcare Pack will help identify and stop this mail before it leaves the organization.

 

Interested in learning more? Visit the Mimecast Knowledge Base for more information on the US Healthcare Pack.

Dave Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud collaboration.

 

Mimecast is pleased to announce new features that make it easier for administrators to respond quickly to email flow disruptions.

 

Whether an organization runs mail servers on-premises or with a cloud service like Exchange Online through Office 365, email disruptions are a real threat. Email is the number one channel for business communication and any problem can result in lost revenue, upset customers, and brand damage. Mimecast provides a secondary delivery path for email in the event of an inbound or outbound mail issue and gives administrators the tools to react quickly when a problem occurs.


Let's look at the new features:

  • Monitor: Mimecast monitors for high latency and failed deliveries, both inbound and outbound, so administrators stay on top of potential issues.
  • Alert: An adjustable threshold for mail flow issues gives administrators the ability to tailor when they are notified. Once the threshold is met, an alert is generated and sent via SMS or to an alternate email address. Administrators are warned of potential problems on any device, anywhere.
  • Respond: A continuity event portal provides the administrator with key metrics to assess the severity of the problem and respond quickly. One-click activation starts continuity mode, making Mimecast responsible for delivering email until the primary service is back online. A customizable SMS message to users reduces manual tasks and ensures the employee base follows company procedures.


These features extend Mimecast’s leading Continuity service that allows users to continue working in applications they use every day. The Outlook for Windows plugin keeps the user experience the same and employees productive. Other options include the Mimecast web portal, mobile applications, and a native Mac application.


Mimecast is focused on providing the best security and resilience for email. These new Email Continuity features will be available in March 2017.

 

Related information (customer log-in required):

Mimecast Continuity Planning Manual 

Dave Hood is the Director of Technical Marketing focused on Office 365, continuity and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud collaboration.

 

Recently, a new attack came to light that shows the importance of using a layered security approach to protect against malicious URLs in emails.

 

We all know email is the preferred vector for many cybercriminals, particularly during the holiday season, when it seems like almost everyone is shopping online and getting bombarded by offers for sales, shipping instructions, and purchase confirmation emails. Attackers use this flood of legitimate email as cover and to catch unsuspecting users when their defenses are down. The particular attack referenced in this blog is, however, new.

 

Security Week reports the attack was directed at Office 365 business users and exploited a vulnerability in how anti-phishing and Microsoft Safe Links determine if a URL is safe to visit or not. The goal of the attackers was simple – divert Office 365 users to a fake login page to harvest their usernames and passwords. With their login credentials, attackers would have unfettered access to all Office 365 workloads of that user.

 

The steps of the attack are to:

  • Create a fake Office 365 login page.
  • Alter the proper URL of the page using a tool named Punycode. Punycode makes it possible to represent International Domain Names (IDNs) with a limited character set. For those who have used the URL shortener bit.ly, it’s similar in concept.
  • Distribute URLs to Office 365 users using a fake email. In this case, fake FedEx emails were used to maximize opens during this season of giving.
  • Harvest Office 365 credentials as users hit the fake Office 365 page.

 

The key to this attack was the use of Punycode to get the URLs past Microsoft’s phishing protection (the attacker no doubt tested this method in advance, in his own instance of O365, to make sure it worked).

 

These types of URLs are usually blocked, but in this case, the malicious links were left accessible because of the failure of the defenses to interpret the links correctly. You can find more details at Security Week.
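The following Python example is added here and is not taken from the original post or from any vendor's product. It decodes Punycode (`xn--`) host labels in URLs found in a message body so that a filter evaluates both the ASCII and the Unicode form of each host. The `.test` hostname and message text are constructed, and the script check approximates scripts from Unicode character names.

```python
import re
import unicodedata
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: label "ex\u0430mple" (Cyrillic U+0430 in place of Latin "a").
LOOKALIKE = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii")
SAMPLE_BODY = (f"Track your parcel: http://{LOOKALIKE}.test/login "
               "or read http://www.example.com/help")

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- A-labels)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed A-label: keep the raw text
    return label

def scripts(text):
    """Approximate scripts in text: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_urls(body):
    """Report every URL whose host uses IDN labels, in both host forms."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        labels = host.split(".")
        if host.isascii() and not any(l.startswith("xn--") for l in labels):
            continue  # plain ASCII host: nothing to normalise
        decoded = [decode_label(l) for l in labels]
        unicode_host = ".".join(decoded)
        try:
            ascii_host = unicode_host.encode("idna").decode("ascii")
        except UnicodeError:
            ascii_host = host  # not encodable: keep what the message carried
        findings.append({
            "url": url,
            "ascii_host": ascii_host,      # form to check against reputation lists
            "unicode_host": unicode_host,  # form a user may see rendered
            "mixed_script": any(len(scripts(d)) > 1 for d in decoded),
        })
    return findings

if __name__ == "__main__":
    for finding in inspect_urls(SAMPLE_BODY):
        print(finding)
```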

 

It’s worth considering these takeaways from this attack:

  1. Defense-in-depth remains a best practice in the cloud, just as it was in an on-premises world. A single code base to protect the over 85M corporate users on Office 365 opens the door to these types of attacks.
  2. It shows what attackers can do when they have easy admin access to Office 365 tenants. In this case, the attackers crafted an email using Punycode that they could test against EOP and ATP, until they were absolutely sure it would work. When they were confident it would get past the defenses, they launched a broader attack.
  3. Armed with malicious URLs hidden from the Office 365 defenses, it’s relatively simple to use MX lookup tools to identify organizations using EOP and Office 365. Attackers could quickly build a list of organizations to phish.
  4. Attackers are increasingly targeting Office 365 because of its popularity. The article states: “With the growth in Office 365 for corporate email, hackers are shifting their focus. The characteristics of this particular attack disclose the hacker’s intention to deceive Office 365 users into providing their login credentials.”
  5. It’s always worth having defense in place that includes security against email threats such as malicious links (including the type used in this attack), weaponized attachments, and malware-less impersonation attacks.

 
