One in Seven Healthcare Employees Will Fall for Phishing Emails


A study recently published in the Journal of the American Medical Association highlights how vulnerable the healthcare sector is to phishing attacks, according to Jessica Davis at Health IT Security. Researchers from Harvard Medical School and Boston’s Brigham and Women’s Hospital sent millions of simulated phishing emails to employees at six healthcare organizations between 2011 and 2018.

“The researchers performed 95 simulated phishing campaigns, sending about 3 million emails to the studied organizations’ employees,” writes Davis. “In total, the employees opened 422,062 of the malicious emails, or about 14 percent. The median click rate ranged from about 7.4 percent to 30.7 percent, with an overall median click rate of 16.7 percent across all organizations and campaigns. The total click rate was about one out of seven simulated phishing emails.”

The rate of success was fairly consistent across the six organizations, although the researchers found that emails with a personal theme were far more effective than business-related ones. They also found that the click rate dropped significantly as employees were exposed to further campaigns.

“Increasing campaigns were associated with decreased odds of clicking on a phishing email, suggesting a potential benefit of phishing simulation and awareness,” the report states. “Employee awareness and training represent an important component of protection against phishing attacks… One method of generating awareness and providing training is to send simulated phishing emails to a group of employees and subsequently target educational material to those who inappropriately click or enter their credentials.”
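The figures the article cites (pooled click rate, median per-campaign rate, per-organization medians, and the trend of "decreased odds of clicking" across successive campaigns) are the metrics a security team tracks for its own simulation program. The Python below is an added example, not code from the article, the study or Health IT Security: it computes those metrics from constructed per-campaign results. The campaign records are made-up sample data, not the study's figures, and the odds-ratio fit (ordinary least squares on per-campaign log-odds) is this example's own simplification, not the researchers' method.

```python
"""Phishing-simulation metrics from per-campaign results (added example).

Each record is one simulated phishing campaign run against one organization.
The numbers are constructed for illustration and are not the study's data.
"""
import math
from statistics import median

# Constructed records: (organization, campaign number, emails sent, emails clicked)
CAMPAIGNS = [
    ("org_a", 1, 1000, 250),
    ("org_a", 2, 1000, 180),
    ("org_a", 3, 1000, 140),
    ("org_a", 4, 1000, 110),
    ("org_b", 1, 2000, 360),
    ("org_b", 2, 2000, 300),
    ("org_b", 3, 2000, 240),
    ("org_b", 4, 2000, 200),
    ("org_c", 1, 500, 60),
    ("org_c", 2, 500, 45),
    ("org_c", 3, 500, 40),
    ("org_c", 4, 500, 30),
]


def click_rate(sent, clicked):
    """Fraction of simulation emails that were clicked (the 'Phish-prone' share)."""
    if sent <= 0:
        raise ValueError("sent must be positive")
    if not 0 <= clicked <= sent:
        raise ValueError("clicked must be between 0 and sent")
    return clicked / sent


def overall_click_rate(records):
    """Pooled click rate: total clicks divided by total emails sent."""
    sent = sum(r[2] for r in records)
    clicked = sum(r[3] for r in records)
    return click_rate(sent, clicked)


def median_click_rate(records):
    """Median of the per-campaign click rates (each campaign counts once)."""
    return median(click_rate(r[2], r[3]) for r in records)


def per_org_median(records):
    """Median per-campaign click rate for each organization."""
    by_org = {}
    for org, _, sent, clicked in records:
        by_org.setdefault(org, []).append(click_rate(sent, clicked))
    return {org: median(rates) for org, rates in by_org.items()}


def odds_ratio_per_campaign(records):
    """Odds ratio for clicking per additional campaign.

    Fits log(odds of clicking) = a + b * campaign_number by ordinary least
    squares over the per-campaign aggregates and returns exp(b).  A value
    below 1 means each successive campaign lowered the odds of a click,
    the direction the article reports.  Campaigns with 0 or 100 percent
    clicks are skipped because their log-odds are undefined.
    """
    xs, ys = [], []
    for _, campaign, sent, clicked in records:
        if clicked == 0 or clicked == sent:
            continue
        p = click_rate(sent, clicked)
        xs.append(campaign)
        ys.append(math.log(p / (1 - p)))
    n = len(xs)
    if n < 2:
        raise ValueError("need at least two campaigns with 0 < clicks < sent")
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("need results from at least two distinct campaign numbers")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return math.exp(sxy / sxx)


if __name__ == "__main__":
    print(f"overall click rate: {overall_click_rate(CAMPAIGNS):.1%}")
    print(f"median campaign click rate: {median_click_rate(CAMPAIGNS):.1%}")
    for org, rate in sorted(per_org_median(CAMPAIGNS).items()):
        print(f"  {org}: median {rate:.1%}")
    print(f"odds ratio per additional campaign: {odds_ratio_per_campaign(CAMPAIGNS):.2f}")
```

The pooled rate and the median of campaign rates answer different questions: the pooled rate is dominated by the largest campaigns, while the median treats every campaign equally, which is why the article can quote both "about 14 percent" and a 16.7 percent median. An odds ratio below 1 on your own data is evidence that repeated simulations are working; a ratio near 1 suggests the training that follows each campaign is not reaching the people who clicked.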

Davis notes that the healthcare sector is particularly vulnerable to phishing attacks because of high employee turnover and the highly interconnected networks that are characteristic of healthcare organizations. It only takes one successful phishing email to let an attacker into your network. New-school security awareness training with simulated phishing emails can minimize the chances of your employees falling for one of these attacks.

Health IT Security has the story:

Free Phishing Security Test

Find out what percentage of your employees are Phish-prone™

Are your users vulnerable to phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


Topics: Phishing
