
Phishing with staff: Using fear to teach cybersecurity

Patient Safety Monitor, January 1, 2018

This is an excerpt from a member-only article. To read the article in its entirety, please log in or subscribe to Patient Safety Monitor.

Send out your own ‘spam’ emails to test staff

“Critical Microsoft update, please back up your system now.”

“Hey it’s Phil, we’re having a problem processing your paycheck. I need you to fill out this form ASAP.”

“We’ve detected suspicious activity on your Facebook account and you need to verify your account now before it’s permanently deleted.”

Phishing emails aren’t just aimed at getting credit card numbers, usernames, passwords, and (in the case of hospitals) patient records and data. They are also used to spread ransomware, like the WannaCry virus in 2017.

Consider testing how well staff practice safe email infection control by having your IT staff send a fake message to track who opens an attachment or clicks on a link they shouldn’t.

What is phishing?

Phishing is an attempt to trick you into giving up personal information. While there are many phishing methods, one of the most common is a fake email containing a link or attachment that downloads malware onto your computer when clicked. These emails often look like they come from a company you know (Facebook, PayPal, Apple) or someone at your workplace (for example, from IT or HR).
