HealthStream interviewed Steven Conrad, Managing Director of MediaPRO, to learn what defensive measures healthcare organizations can take to prevent breaches. Conrad has worked to improve organizational performance through effective learning solutions and is active at the strategic level to protect organizations from cyberattacks.
What’s the Best Way to Encourage Vigilance?
Given the vulnerabilities described in some of the research, what is the best way to ensure that employees remain vigilant and smart about how to spot fraudulent emails? Some healthcare organizations have established Bitcoin accounts in the event that they are the victim of a ransomware threat, but is that the best available option?
Conrad recommends monthly mock phishing supported by employee training to best address the vulnerability created by employees. “An organization’s IT department may understand and be able to respond to the technology issues, but be less prepared to deal with the human problems.”
Send Your Own Phishing Emails to Assess Vulnerability
MediaPRO recommends sending phishing emails that emulate some of the best strategies used by phishers. It is not unusual to see between 60% and 70% of employees taken in by such emails, particularly at the onset of training.
In addition to the emails that simulate phishing, Conrad also encourages healthcare organizations to take the following steps to protect themselves:
Criminals Using Artificial Intelligence and Constantly Changing Tactics
“Bad guys are doing very sophisticated things including the use of artificial intelligence. It’s important to share these tactics with employees so they recognize these phishing attempts when they encounter them. These criminals use constantly evolving tactics. It is not a static game for them and your training should reflect this fact,” says Conrad.
In addition to monthly mock phishing, MediaPRO’s system can help organizations to identify those employees who create higher levels of risk as well as those who engage in potentially compromising behaviors, such as clicking on an inappropriate link or downloading harmful files. Training can then be customized to address specific areas of vulnerability. When describing the goal of training employees to recognize phishing attempts, Conrad says, “It’s all about enabling people to make better decisions. If we’re not doing that then we’re putting them in a situation where they really can’t do their jobs as well as they should.”
The threat to the security of information is an evolving one, and real vigilance depends on both technology and training. Conrad’s advice is to make sure that your organization helps employees to understand their vital role in the protection of this information.
This blog post excerpts an article in our complimentary eBook about Threats to Healthcare, Workforce Readiness: Preparing Today for Tomorrow’s Unknown.