A study recently published in the Journal of the American Medical Association highlights how vulnerable the healthcare sector is to phishing attacks, according to Jessica Davis at Health IT Security. Researchers from Harvard Medical School and Boston’s Brigham and Women’s Hospital sent millions of simulated phishing emails to employees at six healthcare organizations between 2011 and 2018.
“The researchers performed 95 simulated phishing campaigns, sending about 3 million emails to the studied organizations’ employees,” writes Davis. “In total, the employees opened 422,062 of the malicious emails, or about 14 percent. The median click rate ranged from about 7.4 percent to 30.7 percent, with an overall median click rate of 16.7 percent across all organizations and campaigns. The total click rate was about one out of seven simulated phishing emails.”
The success rate was fairly consistent across the different organizations, although the researchers determined that personal emails were far more effective than business-related ones. They also found, however, that the click rate dropped significantly in subsequent campaigns.
“Increasing campaigns were associated with decreased odds of clicking on a phishing email, suggesting a potential benefit of phishing simulation and awareness,” the report states. “Employee awareness and training represent an important component of protection against phishing attacks… One method of generating awareness and providing training is to send simulated phishing emails to a group of employees and subsequently target educational material to those who inappropriately click or enter their credentials.”
Davis notes that the healthcare sector is particularly vulnerable to phishing attacks due to high employee turnover, as well as the highly interconnected networks that are characteristic of healthcare organizations. It only takes one successful phishing email to let an attacker into your network. New-school security awareness training with simulated phishing emails can minimize the chances of your employees falling for one of these attacks.
Health IT Security has the story: https://healthitsecurity.com/news/phishing-education-training-can-reduce-healthcare-cyber-risk