
Protect Your Organization Against Email Attacks

In a typical day, your employees receive and respond to hundreds of emails, often squeezing email tasks in between patient appointments, phone calls, and requests from doctors or staff members. So it’s not surprising that if an administrator receives an email from an executive asking for specific account login information or a password, she’ll respond without a second thought. Or that a medical assistant who receives a credible-looking email saying the software he depends on needs to be updated will immediately click the link to do so.

Unfortunately, those employees may have unwittingly put your practice at significant risk.

Seemingly trustworthy emails can actually be phishing attacks from hackers who trick employees into revealing account numbers, passwords, or other critical data. Phishing attacks can allow hackers to install malware or spyware on your network, giving them access to your databases and patient personal health information (PHI). In other cases, ransomware is downloaded and spread across your network, completely cutting off your access to vital patient and clinic data and systems. The costs to pay the ransom and remediate the damage can be hundreds of thousands of dollars, not to mention the impact on patients.

Falling for a phishing attack is the most common type of significant security incident for healthcare organizations, with 57% of all organizations reporting such attacks in the 2020 HIMSS Cybersecurity Survey. Fortunately, phishing is also something you can train employees to avoid, using a phishing simulation program to monitor and train them.

Best practices in phishing simulation

A phishing simulation program shows you how vulnerable your employees are and trains them to do the right thing when real phishing attacks occur. Best practices in phishing simulation cover four main components:

1.   A baseline phishing test

By sending an innocuous fake phishing email to all employees, you establish a baseline for how many employees are susceptible. This click-through rate becomes the baseline against which you’ll measure ongoing progress over time.

2.   A communications plan for employees

This helps employees understand the importance of this training, how it fits into your overall security training to protect the practice and your patients, and how they can report hacking attempts.

3.   Ongoing program campaigns

Quarterly campaigns send simulated emails to all employees, changing the approaches to match the changing threat landscape. Employees who click on one of these emails receive training and education to help them avoid real scams.

4.   Regular reviews and analytics

Advanced analytics help you understand the security risks within your organization and can help identify repeat offenders who can benefit from additional training and support.
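As an added example (not code from this page or from Med Tech Solutions), the small Python script below turns simulation results into the numbers the four components above call for: a baseline click-through rate, each later campaign’s change against that baseline, the share of employees who reported the email, and repeat clickers who should get additional training. The employee names, campaign labels and results are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Result:
    """One employee's outcome in one simulated phishing campaign."""
    campaign: str   # "baseline" or a quarterly label such as "2020-Q1"
    employee: str
    clicked: bool   # clicked the link in the simulated email
    reported: bool  # reported the email as suspicious


# Constructed sample data: four hypothetical employees, two campaigns.
RESULTS = [
    Result("baseline", "alice", clicked=True, reported=False),
    Result("baseline", "bob", clicked=False, reported=True),
    Result("baseline", "carol", clicked=True, reported=False),
    Result("baseline", "dave", clicked=False, reported=False),
    Result("2020-Q1", "alice", clicked=True, reported=False),
    Result("2020-Q1", "bob", clicked=False, reported=True),
    Result("2020-Q1", "carol", clicked=False, reported=True),
    Result("2020-Q1", "dave", clicked=False, reported=False),
]


def _rows(results, campaign):
    rows = [r for r in results if r.campaign == campaign]
    if not rows:
        raise ValueError(f"no results for campaign {campaign!r}")
    return rows


def click_rate(results, campaign):
    """Fraction of recipients who clicked (the baseline metric from step 1)."""
    rows = _rows(results, campaign)
    return sum(r.clicked for r in rows) / len(rows)


def report_rate(results, campaign):
    """Fraction of recipients who reported the email (step 2's goal)."""
    rows = _rows(results, campaign)
    return sum(r.reported for r in rows) / len(rows)


def progress(results, baseline="baseline"):
    """Change in click rate per later campaign, in percentage points vs. baseline."""
    base = click_rate(results, baseline)
    later = sorted({r.campaign for r in results} - {baseline})
    return {c: round((click_rate(results, c) - base) * 100, 1) for c in later}


def repeat_clickers(results, min_clicks=2):
    """Employees who clicked in at least min_clicks campaigns (step 4)."""
    counts = Counter(r.employee for r in results if r.clicked)
    return sorted(e for e, n in counts.items() if n >= min_clicks)
```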

Med Tech Solutions has developed a comprehensive phishing simulation program specifically designed for healthcare practices and organizations. The program follows industry best practices and is fully managed by our team of security experts to make the process painless.


To learn more, download the whitepaper:

Phishing Best Practices whitepaper


Contact MTS for more information on our Phishing Consulting Services and more.