How to Prevent Phishing Scams in Healthcare

When the issue of cybersecurity comes up, healthcare organizations immediately focus on the technology and security measures available to defend themselves from cyberattacks.

But gaps in cybersecurity defenses often occur because many organizations fail to consider the impact of their employees’ actions. Data breach reports state over and over that “the human factor,” or human error, is the leading cause for most security failures.

Many of these security incidents occur by employees clicking on phishing emails. Helping employees understand the threat that can come from these emails protects your organization from a data breach, financial fraud, and more.

What is Phishing?

Phishing emails are a common and effective way for data thieves to trick employees into revealing sensitive information. While few are inclined to take an email from a supposed Nigerian prince asking for money seriously, an email from your organization’s bank, Amazon, or even your CEO with a file attachment or a request for information is a different matter.

A phishing attack’s goal is to trick the victim into engaging with the attacker’s malicious email. Attackers may try to get the victim to open a malicious file attachment or click a link containing malware. If successful, the attacker can compromise your organization’s network, steal login credentials or money, and more.

“Thieves are diligent in gathering background information on their targets from social media, blogs, and other websites to appear more credible when crafting their scams,” according to Tokio Marine cybersecurity experts. “Attackers then play on emotional triggers including fear, urgency, and authority to trick their target into making impulsive decisions without thinking.

Phishing Prevention

So if human error or negligence is the problem, how do employers fix it?

According to Tokio Marine? Increasing employee awareness is the key to thwarting phishing attacks. The more employees are educated about this type of email attack, the better the chances of recognizing such attacks and using good defense protocols.

One of the best ways to increase awareness is through practice. Facilitated by LHA Trust Funds, Tokio Marine is now offering free online training and phishing simulations for LHA Trust Funds members.

The phishing simulation program works like this:

• Contact the Tokio Marine Training Coordinator at support@eplaceinc.com.
• The Training Coordinator will deploy a planned simulated phishing campaign on your employees, sending phishing emails to your employees to identify those who are more susceptible to such attacks.
• Tokio Marine will deliver a report to your organization with the campaign results.
• The Tokio Marine Training Coordinator can then help your organization implement online training courses for vulnerable employees.

The LHA Trust Funds partnership with Tokio Marine also means members have pre-paid access to resources and experts that will help protect your organization from cyber threats. These resources can be found at Tokio Marine CyberNET.

For Tokio Marine CyberNET login information, please contact Vice President of Patient Safety & Risk Stacie Jenkins at (225) 368-3823 or staciejenkins@lhatrustfunds.com.

Learn More

Need more cybersecurity resources? Search our Cyber Liability & Risk Toolkit for the latest information regarding cyber liability risks.

Confused about your cyber liability coverage? We explain basic cyber liability coverage components here.

Curious about higher limits? Learn more about why you may need them here.

Learn how your cyber coverage may cover HIPAA violations here.