HealthStream offers performance learning management solutions to help develop your healthcare staff into leaders and reduce turnover.
View All ProductsHealthStream works with healthcare organizations to create engaging and high-quality training videos for your staff and management.
View All ProductsImprove care quality and save money by making informed decisions about your healthcare facility and staff with HealthStream's reporting analytics solution.
View All ProductsHealthStream's proven methods for the improvement and overall engagement of your healthcare staff foster a positive workplace and increase retention rates.
View All ProductsBe confident in your staff’s ability to reduce risk by providing compliance training that changes behavior.
View All ProductsDevelop next-level people for next-level care by prioritizing quality and safety improvements.
View All ProductsEstablish a culture of belonging with education supporting DEI, wellness, engagement, and leadership development.
View All ProductsDeliver custom or industry designed product training directly to patient and resident care environments to reinforce proper use.
View All ProductsStreamline the revenue cycle management process and protect your bottom line with expert-backed education.
View All ProductsLearn about our advanced resuscitation training solutions. Our solutions are designed to help improve patient outcomes.
View All ProductsUnlocking the full potential of clinicians goes beyond aspiration – it’s a commitment we embody. Our competency development solutions help personalize learning for every clinician so you can confidently bridge the gap between theory and practice for your nurse residents while meeting the unique development needs of your seasoned clinician.
View All ProductsEnhance maternal & child nursing care with solutions focused on improving the quality of care for mothers, infants, and children.
View All ProductsAddress staffing challenges, standardize orientation and onboarding, and deliver an effective training program for your team to easily achieve and maintain certification with our critical, emergency, and acute care solutions.
View All ProductsWe understand the critical importance of earning and maintaining your patients' trust in the delivery of exceptional sedation and surgical outcomes. As a premier provider of healthcare education, we are committed to empowering you in promoting safer, more successful outcomes for each and every patient, without exception.
View All ProductsOur solutions are meticulously designed to cater to the diverse needs of patients, healthcare professionals, and organizations. Within this innovative framework, we have curated specialized subsets of solutions aimed at addressing the ever-evolving challenges faced by individuals dealing with illnesses or chronic conditions.
View All ProductsHealthcare workforce management is essential. We provide advanced scheduling solutions for organizations to solve issues such as nurse retention
View All ProductsTackle all the challenges of practitioner directory management within a health plan with a single solution tailored to your specific needs.
View All ProductsOur affordable CVO credentialing services establish patient safety by enabling primary source verification for your healthcare organization.
View All ProductsFinally, a comprehensive resource to support collecting, storing, and sharing credentialing data with ease.
View All ProductsIntegrate with Epic to validate and add new providers directly to your provider master file.
View All ProductsMitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.
Learn MorePhishing, sometimes known as spear phishing, is a scheme in which someone impersonates a person or business (i.e., a known or trusted contact) to deceive a target into revealing sensitive information or providing insider access. It is not new but has quickly become a tool of choice for scammers and cybercriminals. The statistics are alarming: In 2023, the Federal Bureau of Investigation’s (FBI’s) Internet Crime Complaint Center noted that there were 298,878 complaints of phishing, a significant increase from the 114,702 cases reported in 2019. This surge underscores the growing sophistication and frequency of phishing attacks.
The healthcare industry, in particular, is a prime target for these attacks. The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has not ignored these evolving threats. As recently as December 2023, the OCR sent a clear message to healthcare providers by settling its first phishing cyberattack case under HIPAA. In this case, a hacker had gained access to an email account via phishing and was then able to access ePHI for almost 35,000 individuals. It was notable that the investigation revealed the facility had not performed a risk assessment and did not have policies in place to address cyber threats such as phishing. This settlement emphasizes the necessity for regular risk assessments and adherence to best practices in safeguarding sensitive data.
Research from The Anti-Phishing Working Group (APWG) estimates that four out of ten healthcare data breaches begin with phishing attempts. Moreover, reported phishing attacks have doubled since 2020. The financial repercussions are staggering, with medical facilities facing an average cost of $10 million per breach. These attacks can lead to identity theft, data breaches, and financial fraud, placing healthcare organizations in precarious financial and reputational positions.
A successful phishing attack can impede a healthcare system and cause significant disruption to key services. Healthcare providers can be locked out of systems essential to operations, forcing staff to revert to manual record-keeping. Treatment plans can be compromised, and emergency services may need to be rerouted.
Phishing attacks are becoming increasingly harder to detect and more damaging, partly due to advancements in generative artificial intelligence (AI). In October 2023, the Office of Information Security released a white paper noting that AI, including tools like "FraudGPT," enables cybercriminals to craft more convincing phishing messages. This technological leap demands a more robust and proactive approach to cybersecurity.
Cybercriminals employ various phishing tactics to lure victims into:
Tactics can change over time and often occur in waves, depending upon the success of attacks. As an example, the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have recently released a joint Cybersecurity Advisory (CSA) to inform healthcare organizations about a new social engineering campaign in which cyber criminals use phishing schemes to steal login credentials and divert automated clearinghouse (ACH) payments to bank accounts controlled by the criminals.
Understanding common phishing tactics can help healthcare organizations implement effective defenses. Tactics include:
The most effective way to protect against phishing scams is by educating employees about the importance of security policies and procedures. Statistics reveal that 88% of healthcare workers open phishing emails at some point in their employment, highlighting the urgent need for comprehensive training programs. Employees who receive training on recognizing phishing scams are significantly less likely to fall victim to such attacks.
HealthStream’s Security Awareness education focuses on best practice tools for employees so they will be equipped to protect sensitive PII and PHI from attack. A good training program should be:
These statistics, sourced from Proofpoint, FBI Internet Crime Center, Barracuda Networks, and IBM, underscore the critical need for improved cybersecurity measures in healthcare.
Earlier this year, HHS released a set of cybersecurity performance goals encouraging healthcare entities to implement basic cybersecurity training, bolster email security, and revoke credentials when employees leave. Although voluntary, HHS has called on congress to enact fines for hospitals that do not meet these measures.
To reduce the likelihood and impact of phishing and other social engineering incidents, healthcare organizations should:
Phishing remains a formidable threat to the healthcare industry, but with vigilant training, robust security measures, and ongoing awareness, organizations can significantly mitigate the risks. It is imperative that healthcare providers prioritize cybersecurity to protect sensitive patient data and ensure the smooth operation of essential services.
Learn about how HealthStream’s Security Awareness education can help protect your organization from security threats.
HealthStream’s learning management system and comprehensive suite of competency management tools empower your healthcare workforce to deliver the best patient care.
View All Learning & PerformanceHealthStream offers performance learning management solutions to help develop your healthcare staff into leaders and reduce turnover.
View All ProductsHealthStream works with healthcare organizations to create engaging and high-quality training videos for your staff and management.
View All ProductsImprove care quality and save money by making informed decisions about your healthcare facility and staff with HealthStream's reporting analytics solution.
View All ProductsHealthStream's proven methods for the improvement and overall engagement of your healthcare staff foster a positive workplace and increase retention rates.
View All ProductsWhen you enact HealthStream's quality compliance solutions, you can do so with the confidence your healthcare organization will meet all standards of care.
View All Quality & ComplianceBe confident in your staff’s ability to reduce risk by providing compliance training that changes behavior.
View All ProductsDevelop next-level people for next-level care by prioritizing quality and safety improvements.
View All ProductsEstablish a culture of belonging with education supporting DEI, wellness, engagement, and leadership development.
View All ProductsUtilize patient access solutions and advanced reimbursement solutions to manage clinical denials and improve your organization’s reimbursement strategy.
View All ReimbursementExpand the decision-making skills and effectiveness of your healthcare workforce with HealthStream's clinical development programs and services.
View All Clinical DevelopmentLearn about our advanced resuscitation training solutions. Our solutions are designed to help improve patient outcomes.
View All ProductsUnlocking the full potential of clinicians goes beyond aspiration – it’s a commitment we embody. Our competency development solutions help personalize learning for every clinician so you can confidently bridge the gap between theory and practice for your nurse residents while meeting the unique development needs of your seasoned clinician.
View All ProductsEnhance maternal & child nursing care with solutions focused on improving the quality of care for mothers, infants, and children.
View All ProductsAddress staffing challenges, standardize orientation and onboarding, and deliver an effective training program for your team to easily achieve and maintain certification with our critical, emergency, and acute care solutions.
View All ProductsWe understand the critical importance of earning and maintaining your patients' trust in the delivery of exceptional sedation and surgical outcomes. As a premier provider of healthcare education, we are committed to empowering you in promoting safer, more successful outcomes for each and every patient, without exception.
View All ProductsOur solutions are meticulously designed to cater to the diverse needs of patients, healthcare professionals, and organizations. Within this innovative framework, we have curated specialized subsets of solutions aimed at addressing the ever-evolving challenges faced by individuals dealing with illnesses or chronic conditions.
View All ProductsMake sure your healthcare staff can schedule out appointments and work schedules with ease using HealthStream's line of software solutions.
View All SchedulingHealthcare workforce management is essential. We provide advanced scheduling solutions for organizations to solve issues such as nurse retention
View All ProductsComprehensive, industry-leading provider onboarding and credentialing software that validate health outcomes and support provider assessment.
View All CredentialingOur affordable CVO credentialing services establish patient safety by enabling primary source verification for your healthcare organization.
View All ProductsIntegrate with Epic to validate and add new providers directly to your provider master file.
View All Products