Phish • ing
/fiSHiNG/
noun
1. The practice of sending fraudulent emails, purportedly from
reputable companies, in order to get people to reveal sensitive
or protected data, such as passwords, credit card numbers, or
healthcare data.
Phishing has frightening implications for all of us—for our bank accounts, our credit worthiness,
and our most private information—our healthcare data. But recent events have made it clear
that phishing has some particularly severe consequences for healthcare organizations. So how
do we prepare ourselves to defend against phishing attacks? More importantly, given that
employees, including physicians, are the frontline in our defense against these kinds of attacks,
how do we train employees to recognize and avoid the threats?
HealthStream interviewed Steven Conrad, Managing
Director of MediaPro, to learn more about how
healthcare organizations can defend against this type of
cyberattack. Conrad has experience in improving
organizational performance through effective learning
solutions and has also worked at the strategic level with
many organizations to determine how technology can
be leveraged to improve human performance and
protect organizations from cyberattacks.

Understanding Phishing

MediaPro was an early advocate of using online learning
to address phishing and ransomware problems. They
saw a need to train and to change human behavior, and
recognized online learning as a great way to do that.
The company started offering data protection
courseware when companies began asking for this type
of content. Today, they are recognized as a leader in
data protection learning and have developed custom
educational content with a focus on changing behavior
versus simply imparting knowledge.

People are what makes organizations so vulnerable
to phishing. Conrad explains, “By nature, people are
helpful so they may not recognize phishing emails for
what they are. The majority of IS professionals, some
66%, acknowledge that humans are the weakest link
in the line of defense against these kinds of attacks.”

The first step in a defense against phishing is to
understand its various forms. Conrad defines
phishing as the practice of sending fraudulent
emails, purportedly from reputable companies or
individuals, in order to get people to reveal sensitive
or protected data. Conrad shares that 70% of all data
breaches can be traced back to a human. In today’s
society the easiest way to get to a human is by email.
There is a lot of good data protection technology in
the market today—everything from firewalls to
anti-virus protection. According to Conrad, “These
HealthStream.com/contact • 800.521.0574 •
Ran • som • ware
/ˈransəmˌwer/
noun
1. A type of malicious software designed to block access to a
computer system until a sum of money is paid.