Healthcare Cybersecurity: Fighting Phishing with Employee Education
Want to reduce your organization’s risk of cybersecurity incidents? The key is educating employees before bad habits set in, according to new research.
The healthcare sector is particularly susceptible to phishing attacks because high employee turnover brings in a steady stream of new staff who have had no previous cybersecurity training, according to a new report in the Journal of the American Medical Association.
Studying six diverse healthcare organizations from 2011 to 2018, researchers simulated 95 phishing campaigns, sending about 3 million emails to the organizations’ employees. The result: employees opened 422,062 malicious emails – about 14%. Emails with a personal theme were the most strongly associated with higher click rates.
But the researchers also saw a pattern: the more phishing campaigns they ran, the further click rates fell, suggesting that employees became more aware of the threat and less likely to engage. Because of this, the researchers encourage organizations – particularly in the healthcare sector – to develop dedicated training to increase employee awareness.
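The study’s two findings – that click rates differ by email theme and that they fall as more simulated campaigns are run – are exactly what an awareness program should be measuring for itself. The following script is an added example, not code from the article or the JAMA study: it takes per-campaign results from a phishing simulation (the campaign records are constructed sample values, not the study’s data), computes the overall and per-theme click rates, flags themes that outperform the baseline, and fits a least-squares slope of click rate against campaign order to check whether repeated campaigns are actually driving the rate down.

```python
from typing import Dict, List

# Constructed sample of simulated phishing campaigns (hypothetical values,
# not the JAMA data). "order" is the sequence in which campaigns were sent.
CAMPAIGNS: List[Dict] = [
    {"order": 1, "theme": "personal", "sent": 5000, "clicked": 1100},
    {"order": 2, "theme": "work",     "sent": 5000, "clicked": 900},
    {"order": 3, "theme": "personal", "sent": 5000, "clicked": 950},
    {"order": 4, "theme": "work",     "sent": 5000, "clicked": 700},
    {"order": 5, "theme": "personal", "sent": 5000, "clicked": 800},
    {"order": 6, "theme": "work",     "sent": 5000, "clicked": 550},
]


def click_rate(campaign: Dict) -> float:
    """Fraction of recipients who clicked in one campaign."""
    return campaign["clicked"] / campaign["sent"]


def overall_click_rate(campaigns: List[Dict]) -> float:
    """Pooled click rate across all campaigns (total clicks / total sent)."""
    sent = sum(c["sent"] for c in campaigns)
    clicked = sum(c["clicked"] for c in campaigns)
    return clicked / sent


def rate_by_theme(campaigns: List[Dict]) -> Dict[str, float]:
    """Pooled click rate per lure theme, e.g. personal vs work-related."""
    totals: Dict[str, List[int]] = {}
    for c in campaigns:
        sent, clicked = totals.setdefault(c["theme"], [0, 0])
        totals[c["theme"]] = [sent + c["sent"], clicked + c["clicked"]]
    return {theme: clicked / sent for theme, (sent, clicked) in totals.items()}


def high_risk_themes(campaigns: List[Dict]) -> List[str]:
    """Themes whose click rate exceeds the pooled baseline; these are the
    lure types that training content should concentrate on."""
    baseline = overall_click_rate(campaigns)
    return sorted(t for t, r in rate_by_theme(campaigns).items() if r > baseline)


def trend_slope(campaigns: List[Dict]) -> float:
    """Least-squares slope of click rate versus campaign order.

    A negative slope means later campaigns saw lower click rates, i.e. the
    repeated simulations are associated with improving awareness.
    """
    points = sorted(campaigns, key=lambda c: c["order"])
    xs = [float(c["order"]) for c in points]
    ys = [click_rate(c) for c in points]
    x_mean = sum(xs) / len(xs)
    y_mean = sum(ys) / len(ys)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys))
    sxx = sum((x - x_mean) ** 2 for x in xs)
    if sxx == 0:  # a single campaign (or all the same order) has no trend
        return 0.0
    return sxy / sxx


def awareness_improving(campaigns: List[Dict], min_drop_per_campaign: float = 0.0) -> bool:
    """True when click rates fall by at least min_drop_per_campaign per campaign."""
    return trend_slope(campaigns) < -min_drop_per_campaign


if __name__ == "__main__":
    print(f"overall click rate: {overall_click_rate(CAMPAIGNS):.1%}")
    for theme, rate in rate_by_theme(CAMPAIGNS).items():
        print(f"  {theme:>9}: {rate:.1%}")
    print(f"themes above baseline: {high_risk_themes(CAMPAIGNS)}")
    print(f"slope per campaign: {trend_slope(CAMPAIGNS):+.4f}")
    print(f"awareness improving: {awareness_improving(CAMPAIGNS)}")
```

The slope is a coarse signal and should be read alongside the raw per-campaign rates: a large drop that coincides with a single easy campaign, or a rate that falls only for one theme, is not the same as a sustained improvement, so programs typically also rerun the theme that scored worst before concluding training has worked.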
Employee turnover isn’t the only reason healthcare is particularly vulnerable. The researchers also warned of “significant end point complexity,” noting:
“Every employee smartphone that is connected to the network is a potential risk, as are other networked devices. Hospital information systems are highly interdependent. An EHR is dependent on a laboratory information system to display clinical results.”
DRI can help your organization become more cyber-aware with its new Cyber Resilience for the Business Continuity Professional (CRLE 2000) course. More than just another statement of the problem, CRLE 2000 is an information-packed four-day experience that will provide an understanding of how to address cyber disruptions within a business continuity framework. You’ll discover how business continuity and cybersecurity must integrate within every organization, using the five elements of cyber resilience: prepare/identify, protect, detect, respond, and recover.