“If Microsoft calls and asks you for your password…it’s not real,” said Steve LeBlond, VP of Technology and CTO of Ochsner Health System, while speaking at our Digital Health Summit on October 3. “We [Information Technology] will never ask you to log us in.”
Steve was talking about phishing attacks, one of the biggest cybersecurity risks that businesses—especially healthcare organizations—face today. You’d like to think you’d never fall for a scam like that, but the truth is, fraudulent emails, calls, and other penetration attempts aren’t always as obvious as the example he provided. These types of “social engineering” attacks rely on manipulating people and are becoming more and more sophisticated.
How do you avoid social engineering in your healthcare organization?
It starts with a creative, system-wide, ongoing education program.
Why “creative?” Well, let’s be honest: No one wants to sit through a three-hour PowerPoint presentation about security. To be effective, your education must be engaging and relevant. A few tips:
- Consider role-playing the security pitfalls that different employees may encounter each day.
- Illustrate how a phony request for medical records might unfold.
- Acknowledge that password workarounds are tempting—but dangerous.
- Offer tips on working efficiently without breaking security rules.
- Join the growing trend of “penetration tests”: simulated phishing emails sent to your own employees to test their knowledge. If they click the link, a page pops up letting them know they’ve been fooled and describing what to look for next time.
Above all, don’t talk down to employees about security—that will only turn them off. Instead, remind them that they’re the guardians of some of the most important information on earth. Help them understand why they’re attractive targets for hackers.
Of course, all the education in the world won’t help if an attack manages to get through, so it’s also important to have technology defenses in place.