A recent survey revealed that employees at U.S. health care institutions may be susceptible to phishing emails. The report, Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions, authored by Dr. William Gordon of Brigham and Women’s Hospital and Harvard Medical School in Boston, stated that many healthcare organizations remain vulnerable to phishing attacks.
Gordon specified that when the researchers sent simulated phishing emails, employees of healthcare organizations clicked nearly one in seven of them. The survey also stated the importance of employee awareness of the risks associated with phishing emails. “Cybersecurity is a really important issue for hospitals and healthcare organizations and it’s only getting more important. One of the biggest risks for them is their own employees and it’s manifested through a phishing attack,” said Gordon.
Gordon and his team analyzed data from six U.S. healthcare institutions that ran phishing simulations from August 1, 2011, to April 10, 2018. The report stated that the phishing campaigns produced around 2,971,945 emails, of which 422,062 (14.2 percent) were clicked.
The report concluded that the current click rates in phishing simulations at U.S. health care organizations indicate a major cybersecurity risk. It also urged the health care community to understand the risks and implement proper security awareness measures to enhance the security of health information systems.
Recently, a similar report revealed that health care organizations suffered the highest number of data breaches in 2018 of any sector of the U.S. economy. According to Beazley Breach Response, a breach response management and information security insurance solutions provider, healthcare entities reported the highest number of data breaches, at 41 percent. The report, dubbed the Beazley Breach Insights Report, stated that direct hacking, the presence of malware, and human error were the causes of data breaches in healthcare organizations.
The report also revealed the percentage of breaches in other sectors of the economy. The education sector accounted for 10 percent of security issues, financial institutions reported 20 percent of incidents, and professional services represented 13 percent of cases.