Intermountain’s Cybersecurity team conducts random phishing tests via email. In their most recent test, 4,000 caregivers clicked on the link in the fake phishing email, and 800 of those caregivers entered their user IDs and passwords. Only 11% of our caregivers reported the email with the Phish Alert Report button in Outlook.
Phishing emails target users to gain access to our systems. They often attempt to obtain your password and user ID through malicious websites linked in these emails. Phishing emails are very difficult to spot but can have serious consequences for healthcare organizations like Intermountain.
Cyberattacks have become increasingly common in the healthcare industry in recent years, affecting organizations locally and across the world. For example, University Medical Center in Las Vegas acknowledged last month it had experienced a criminal data breach. Hackers stole and shared photos of hospital patients’ driver’s licenses, passports, and Social Security cards. More than 32 other healthcare providers around the country have been affected by cyberattacks so far this year.
Please remember the following to avoid getting phished:
- Verify all URLS—web addresses—belong to Intermountain. Don’t be fooled by logos and avoid clicking links in suspicious emails.
- If you don’t recognize the sender, don’t open the email.
- Don’t use your Intermountain user ID or password on non-Intermountain websites.
- Pay attention to the warning message, “External Sender: Be aware! Read with care!”
- If you receive a suspicious email, forward click the Phish Alert button in Outlook.
“We each have an obligation to protect Intermountain’s systems and software,” says Paige Ishii from Cybersecurity. “Please remain vigilant and guard your email.”
Learn more about phishing attacks on Intermountain.net.