Phishing attacks continue to be the most pervasive IT security threat. A study conducted toward the end of 2018 revealed that online phishing attacks were up 297% over the previous year. Of all emails being sent to Providence St. Joseph Health caregivers, roughly 38% are potentially malicious.
Those easy-to-spot phishing emails, with poor grammar and misspellings, are a thing of the past. Cybercriminals continue to enhance their skills, developing emails that are personalized and targeted to the recipient, using logos, spoofed email addresses (making the sender email address look like it came from a trustworthy source), and even using names of executive leaders at the organizations they target to brand and sign the emails.
If you receive a suspicious-looking email that you suspect is phishing, please report it via the “Report Phishing Email” button on the Outlook ribbon, or by forwarding it as an attachment to spam@providence.org.
One way that PSJH Information Services helps combat phishing attempts is through training and awareness activities aimed at our workforce. The Information Security Governance, Risk and Compliance (ISGRC) team of IS conducts email phishing tests on all caregivers throughout the year.
If you respond to one of our tests and fail it by clicking into the “test spam” message, you will see a screen explaining that you have just fallen victim to a phishing test. If you fail more than one phishing test, you will be assigned mandatory training intended to better familiarize you with identifying and properly handling phishing emails, so that you will not fall victim to a real email phishing attack.
That said, please don’t assume that a suspicious email is simply an internal phishing test by Information Security. Any suspicious email is likely a real incident of phishing.
Stats
- 15% – Failure rate of PSJH phishing test messages, where our caregivers took the bait and either responded to the test phishing message or clicked into the links
- 8% – Average failure rate across healthcare organizations, so PSJH has room to improve
- 219,800 – Number of PSJH ISGRC phishing tests conducted with our caregivers
More info
Have more questions on information security?
- Visit our Information Security Governance, Risk and Compliance (ISGRC) team page
- Join in the discussion on our ISGRC Yammer group
- Contact Information Security Governance, Risk and Compliance at informationsecurity@providence.org