healthAlliance NZ is the largest shared ICT services provider to the public health sector in New Zealand, with more than 26,000 customers across a network of more than 10 hospital sites.
With healthcare now the most targeted sector for cyber-crime and ransomware attacks, healthAlliance is constantly looking for smart technologies and solutions to help mitigate its risk.
“Health is now the number one target for ransomware around the world – more so than Finance, Retail, Transportation and Manufacturing,” says Liz Schoff, Security Consultant at healthAlliance. “The value of a health record on the dark web can be as much as USD $100, compared to just a few dollars for a black-market credit card number,” she adds. “The reason is when a credit card number or bank account number is compromised it can pretty quickly be shut down and not used again, but health information sticks with people forever,” she explains. “The value of stolen or ransomed health information remains the highest and that’s why we continue to get targeted the most,” she adds.
In today’s world you cannot run a hospital without computers. Patient information is held online, and computers are used to run various essential operations every day. “There have been instances where hospitals have been forced to pay when a cyber-criminal has managed to encrypt a hospital network and demand a ransom,” says Ms Schoff. “It is absolutely critical for us to make sure that all of our staff understand how to identify phishing emails and not have a behaviour that could lead to a compromise of our network,” she adds.
These behaviours could be clicking on links, giving away one’s credentials or downloading attachments that might have viruses. “Even though there are technologies to reduce risks by looking at attachments before they are downloaded, or by checking websites before you allow someone to visit them, cyber-criminals are always innovating and they’re getting smarter,” says Ms Schoff. “It’s really hard to have technology that’s 100% up to speed, so having an educated staff is absolutely the best defence a hospital can have,” she adds.
In recognising its increased potential for phishing attacks, healthAlliance began looking for solutions that could help it better manage the risk by training its employees to identify phishing emails. “We had heard that another district health board in New Zealand had run with Shearwater’s Phriendly Phishing software, so we touched base with them and asked about how it was working,” says Ms Schoff. “When another organisation in our sector successfully uses a solution, word gets around, and that gives us an immediate level of comfort that the product should also work for us,” she adds.
Phriendly Phishing is a Phishing Awareness and Simulation program designed to help organisations measure, track and improve their staff’s ability to identify and manage phishing and spear-phishing threats. Typically, up to 70 out of 100 employees would open a spear-phishing email, and 35 would click on the embedded link. The resulting ransomware can cause significant business disruption and costly remediation, not to mention reputational damage. With Phriendly Phishing, organisations get a fully managed, comprehensive and measurable training solution, with easyto-use tools that will help them to understand their organisation’s overall phishing risk profile, educate their staff, nurture awareness and prove successful behavioural change across their organisation.
Phriendly Phishing works in three simple stages:
With the decision made to run with Phriendly Phishing, healthAlliance needed to work out how to best use the solution across its organisation. “My role at healthAlliance was to put together a plan around how we would best use Phriendly Phishing, recognising that it needed to go beyond simple awareness and training, and needed to help us in supporting our team to shift from risky to safe behaviour,” says Ms Schoff. ”Shearwater Solutions provided us with an excellent portal with a lot of automated interfaces and reporting modules which we felt were fundamental to allowing us to continue to effectively manage awareness and positive behavioural change across the business,” she adds.
The size of, and daily demands on, the healthAlliance IT network sometimes adds complexity to the implementation of new software solutions. “The implementation went very smoothly and that reflects both the user-friendly nature of the product, and the excellent support of the Shearwater team,” says Ms Schoff. “We required some minor vocabulary modifications to the training modules and some additional types of reporting, and the support we received was always really responsive,” she adds.
healthAlliance has been sending its monthly simulated phishing emails for more than 6 months and they are delighted with the results they are seeing across the organisation. “The Phriendly Phishing portal is a great tool and allows us to see specifically who’s recording scams, and more importantly identify the staff who continually click on the simulated links,” says Ms Schoff.
Hospitals are vulnerable because doctors and nurses are very busy people. Cyber criminals are also getting smart about the times they send their phishing emails, on or around shift changes. “When you’re busy it’s easy to forget and quickly look at your emails, open messages and click links because you’re rushed,” says Ms Schoff. “Our training programmes, which send simulated phishing emails every month, provide the platform for our people to get a regular reminder to keep sharp and alert to threats,” she adds.
When asked if healthAlliance believes it is a safer organisation because of the introduction of Phriendly Phishing by Shearwater Solutions, Ms Schoff is in no doubt. “We know that the behaviour across the organisation has improved because we can measure exactly how many people are recording our simulated links, and more importantly we have clear evidence our people are clicking less on dangerous links,” concludes Ms Schoff.