When it comes to phishing attacks, you probably don’t give it a second thought when someone else gets phished. But maybe you should.
According to a new article on the Help Net Security website, “Cybersecurity threats are a rising problem in society, especially for healthcare organizations. Successful attacks can jeopardize not only patient data, but also patient care, leading to cancellations and disruptions in the critical services that hospitals provide.”
That’s right. A healthcare provider getting attacked can put your health in danger. We’ve already seen how a healthcare facility in Spokane, WA was forced to pay a $15,000 ransom to regain access to encrypted files, because not doing so would have put patient surgeries at risk.
The article goes on to explain that a study on phishing click rates conducted by investigators from Brigham and Women’s Hospital found high click rates for simulated phishing attacks. “Brigham investigators aggregated data from six anonymized U.S. healthcare institutions representing a broad spectrum of care and geography. In total, they analyzed click rates for more than 2.9 million simulated emails.”
What the study found is that 14.2% of simulated phishing emails were clicked. That equates to approximately one in every seven emails. But they added that with increased education and 10 or more phishing simulation campaigns, that rate could be reduced by a third.
Seriously? Anyone who read this article should be outraged. There seems to be some sense of satisfaction amongst the investigators that increased employee phishing awareness training can get the click rate down to about 10%. Apparently they don’t realize that it only takes ONE click to infect a network and compromise an entire hospital.
How is it possible that the healthcare industry doesn’t know there are inexpensive and readily available cloud-based solutions for phishing protection that can make their employee click rates irrelevant? How is it that the investigators didn’t look into the increased protection from these services as part of their research?
We know from research that it’s impossible to get employees to stop clicking on malicious links in emails completely. So, why does the healthcare industry see more education as the key to protection?
Phishing awareness training should be part of a holistic approach to cyber-security. But cloud-based phishing protection with real-time link scanning is what smart organizations use to stop phishing emails and fully protect themselves today.
If you work in IT at a healthcare organization and you’re not yet taking advantage of cloud-based threat protection technology, reach out to us at PhishProtection and let us help you protect your patients.