New Security Awareness Training Program Helps Healthcare Organizations Manage End-User Risk

The news for healthcare organizations has been pretty gloomy of late. The largest number of reported data breaches for four years in a row. More than 112 million records breached in the U.S. last year. Per-record data breach costs more than double that of retail breaches ($363 vs. $154). To say nothing of the recent rash of ransomware attacks.

But there is a bright spot: a cyber security education solution that is designed to help healthcare organizations protect staff, patients, and systems from cyber attacks, and teach staff members how to apply best practices within the workplace and beyond. That bright spot is Wombat’s new Healthcare Security Awareness and Training Program.

How Wombat Helps Healthcare Organizations Reduce End-User Risk

With Phase 2 of HIPAA audits under way, there’s never been a better time for healthcare organizations to prioritize cyber hygiene and data security, and educate their staff members about the ways they can protect themselves and the patients they serve. We’ve applied our expertise and worked with our healthcare customers to identify the knowledge gaps that are among the most pressing, and the risky behaviors that pose the greatest threats to protected health information (PHI) as well as business-critical data and systems.

We have the tools you need to diagnose and treat end-user-driven cyber security ills. It wouldn't make sense to diagnose a problem without treating it, nor would it be effective to treat a problem without a diagnosis. Our approach is a prescription for all-around wellness that will help administrators correct and prevent risky behaviors.

Our Healthcare Security Awareness Training Program provides a path for healthcare organizations to follow in developing and executing cyber security education initiatives. The suggested solution set includes the following components:

• CyberStrength® assessments, particularly our PHI Predefined CyberStrength assessment, which allows administrators to evaluate knowledge of PHI safeguards and automatically assign training to any staff members who do not exhibit a desired level of proficiency.
• ThreatSim® simulated phishing attacks, which are critical for assessing users’ susceptibility to email-based social engineering attacks. Our customizable templates (including those that are specific to the healthcare industry) enable you evaluate staff members’ reactions to a variety of messages.
• A selection of interactive training modules, which offer succinct (10- to 15-minute), targeted education about topics like PHI, how to avoid phishing emails, physical security safeguards, and how to protect sensitive data throughout its lifecycle.
• Reinforcement tools that keep security top-of-mind year round. Our PhishAlarm® email reporting button allows staff members to report suspicious emails with a single mouse click and delivers all the technical information your response team needs to evaluate the threat. And our portfolio of Security Awareness Materials — including posters, images, and incentives — offer visual cues that remind staff members of the best practices they’ve learned.
• Dynamic reporting tools that enable you to establish a baseline vulnerability measurement, gauge progress, and export data to share with stakeholders.
• Exceptional service and support from our award-winning Customer Support Team, plus an exclusive Best Practices document that provides guidance on running a successful program and shows how all of the pieces of this bundle fit into our unique and effective Continuous Training Methodology. 

We’ve helped covered entities, business associates, and other healthcare-related businesses reduce successful phishing attacks and malware infections from the wild. Even in the short term, healthcare organizations have realized substantial improvements, as has been shown in our Proof of Concept documentation.

“Since partnering with Wombat, we've seen a significant increase in user awareness and recognition of suspicious emails,” said the Senior Manager of IT Operation at Monongahela Valley Hospital. “Instead of clicking on these messages, our employees have caught and alerted us to more than ten separate phishing attacks, and in the ten months following the launch of our Wombat training program, we have seen a dramatic decline in infections caused by inappropriate email activity.”

“Our partnership with Wombat has been a true success and has helped us to educate individuals at all levels of our organization, which we feel is critical to protecting our patient's healthcare information, our employees' data, and our internal networks and systems,” he added.

Your Partner in Fighting Cyber Crime

The unique challenges faced by healthcare organizations can make security awareness and training a difficult proposition. Time and man-hours are hot-button topics in all organizations, but we recognize that the complexities of staff and shift management often set healthcare organizations apart from other enterprises.

That’s why a program like Wombat’s — which offers flexibility in planning and execution — is an ideal choice for organizations in this space. With our interactive modules, staff members can fit training assignments into their schedules, not the other way around. There’s no need to search calendars for a “good time” to gather a bunch of people in a room for an hour-long cyber security training presentation. And staff don’t need to stress about finding an hour (or more) in their jammed schedules to watch a video that won’t hold their interest.

“Healthcare institutions are increasingly targeted by hackers, making it absolutely critical to deliver effective training to anyone who is not well-informed of HIPAA-mandated safeguards,” said Joe Ferrara, President and CEO of Wombat Security. “Our new healthcare program gives organizations a powerful suite of tools to protect healthcare information and patient records, while improving an organization’s security posture. We are committed to providing our customers with the tools they need to change employee behavior and reduce risk within their organizations.”