Why Employees (Still) Click on Phishing Links: An Investigation in Hospitals

Jalali, Mohammad S.; Bruckes, Maike; Westmattelmann, Daniel; Schewe, Gerhard

doi:10.2196/16775

Cited by 67 publications

(64 citation statements)

References 72 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Furthermore, health services staff often have limited previous experience with remote working and with planning for this change, which leaves the sector vulnerable to cyberattacks [ 9 , 14 , 19 ]. As health services make use of a variety of medical devices, interconnectivity and interoperability create issues as they are now being accessed from outside health services’ internal network perimeter.…”

Section: Resultsmentioning

confidence: 99%

“…As health services make use of a variety of medical devices, interconnectivity and interoperability create issues as they are now being accessed from outside health services’ internal network perimeter. The medium and mode of access creates problems as access to the sensitive parts of health services can be reached via unsecured network connections or unpatched systems by staff working remotely [ 19 ]. In addition, some medical devices use off-the-shelf software, such as commercial operating systems (eg, older versions of Windows).…”

Section: Resultsmentioning

confidence: 99%

“…For example, the remote desktop protocol has a history of security issues and generally should not be publicly accessible without additional protections such as firewall, whitelist, and multifactor authentication [ 10 ]. Likewise, VPNs also have some known and unknown vulnerabilities, both on the client and server side, which have been exploited for years by cybercriminals [ 19 ]. The DDoS attacks on health care systems [ 14 ] and the innumerable wireless connected devices [ 9 ] have created further challenges to a remote work environment.…”

Section: Resultsmentioning

confidence: 99%

“…With sudden changes in working practices, being under stress for an extended period of time makes employees vulnerable to falling into malicious trickery and making mistakes [ 28 ]. According to Jalali at al [ 19 ], there is a statistically significant positive correlation between workload and the probability of a health care staff opening a phishing email. Naidoo et al [ 25 ] developed a multilevel influence model to explore how cybercriminals exploited the COVID-19 pandemic using social engineering techniques.…”

Section: Resultsmentioning

confidence: 99%

See 3 more Smart Citations

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

He¹,

Aliyu²,

Evans³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

Background COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. Objective The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. Methods A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula “(covid OR healthcare) AND cybersecurity.” Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. Results We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. Conclusions This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

See 2 more Smart Citations

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review

He¹,

Aliyu²,

Evans³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

show abstract

“…Recent research in hospitals shows that among several personal characteristics and organizational conditions, employees’ workload had the strongest impact on the rate of clicking on phishing links. 5 While extensive emailing of announcements may be needed to keep employees up to date during the pandemic, it could unnecessarily add to workload, putting them at higher risk of clicking on phishing emails. Moreover, best-practice security behaviors must be followed—encrypting data, keeping software updated, running antivirus software, using 2-factor authentication, and following local cybersecurity regulations or recommendations.…”

mentioning

confidence: 99%