Solutions

Solutions powered by
Learn More.
abaqis for Skilled Nursing

abaqis®

Mitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.

Learn More

NEW TO THE STORE

hStream Content Marketplace

NurseGrid Learn

Online store for Clinical Learners. Individual CE Credit and industry products for Clinical Learners are now available through NurseGrid Learn (Beta). Explore our robust collection of courses that provides an unparalleled level of flexibility and choice.

DEA MATE Opioid and Substance Use for Practitioners

Meet the DEA's new requirement under the Medication Access and Training Expansion (MATE) Act in an online and self-paced 8-hour DEA MATE Act course specifically designed for practitioners, including Physicians, PAs, NPs, Pharmacists, Dentists and others.

LATEST & POPULAR

BLOG

Nurse Strikes are Scary, but License Verification Doesn’t Have to be
BLOG

Mind Matters: The Interplay of Staff Wellness in Quality Outcomes
BLOG

Unlocking Revenue in Healthcare: The Power of Efficient Credentialing
On-Demand Webinar

Understanding ENA’s Emergency Severity Index Handbook, 5th Edition
On-Demand Webinar

From Regulations to Realities: Nurse Staffing, Unions, and the ShiftWizard Advantage
On-Demand Webinar

myClinicalExchange Empowers Logan Health to Transform Student Onboarding

< HealthStream Resources

What Makes Healthcare So Vulnerable to Phishing Attacks?

April 1, 2021
April 1, 2021

Phishing has frightening implications for all of us—for our bank accounts, our credit worthiness, and our most private information—our healthcare data. But recent events have made it clear that phishing has some particularly severe consequences for healthcare organizations. So how do we prepare ourselves to defend against phishing attacks? More importantly, given that employees are the frontline in our defense against these kinds of attacks, how do we train employees to recognize and avoid the threats?

HealthStream interviewed Steven Conrad, Managing Director of MediaPro, to learn more about how healthcare organizations can defend against this type of cyberattack. Conrad has experience in improving organizational performance through effective learning solutions and has also worked at the strategic level with many organizations to determine how technology can be leveraged to improve human performance and protect organizations from cyberattacks.

What Makes Us Vulnerable?

When asked about employee readiness to defend against a breach, Conrad points to the results of a recent MediaPro survey that showed just 28% of healthcare employees demonstrated the privacy and security awareness necessary to prevent incidents that could lead to a breach. Of the 850 healthcare employees surveyed, the majority (72%) were rated a “security risk” or “novice” based on their survey responses, demonstrating a clear need for better training (Schwartz, 2017).

Conrad believes that the most susceptible organizations are the ones that fail to direct their focus and resources to where their organizations are really the most vulnerable–their people. Conrad says, “The hardware and software technology is great and is very effective, but now we need to focus on the human element and ensure that we are educating employees to properly protect data and reduce risk.” In healthcare, the biggest payout is by blocking access to data—in other words ransomware. Conrad says, “If a bad actor can lock down their files, they’re going to pay up and they’re going to pay up fast.”

Conrad cites several reasons healthcare is particularly vulnerable to cyberattacks. For one thing, healthcare simply doesn’t have the resources to protect themselves like other industries. Additionally, there is a relatively high employee turnover rate in healthcare, making training more complicated. It’s also an industry with a lot of very time-sensitive and critical data that is spread across multiple locations ranging from the inpatient setting to ancillary locations and physician offices.

Physicians and their office staff are key targets for ransomware and phishing attacks. Conrad explains, “They work in a fast-paced environment that values patient satisfaction. Because of this, they may look to respond quickly to a phishing email attempt and miss the warning signs. A hasty decision, made with good intentions, can easily lead to very severe consequences.”

This blog post excerpts an article in our complimentary eBook, Workforce Readiness: Preparing Today for Tomorrow’s Unknown. Download it here.

Reference:

Schwartz, J. (2017). “Infographic: 2017 Privacy and Security Awareness in Healthcare,” MediaPro, https://www.mediapro.com/blog/infographic-2017-privacy-security-awareness-healthcare/