How a National Healthcare Provider Mitigates Spearphishing With SecurityIQ’s PhishNotify

Executive Summary:

  • Client: Managed healthcare service provider with clients in over 30 states. It employees over 3,000 corporate employees and 600 physicians.
  • Contract Size: 900 learner seats
  • Products Used: SecurityIQ phishing simulations, HIPAA, PHI and general awareness training modules and the PhishNotify™ suspicious email reporting plugin.

Protected health information (PHI) brings a hefty price on the black market, making healthcare organizations like this healthcare service provider a prime hacker target. The company previously included new-hire security training as part of their onboarding process, but wanted to go one step further to ensure stored PHI was protected year around. With every unauthorized PHI disclosure considered a HIPAA violation, the company saw awareness training as an important risk reduction tool.  

After looking at several security awareness training platforms, the IT team selected SecurityIQ for its role-based healthcare awareness training and attractive pricing structure. Since launch, the company has increased security awareness, reduced phishing susceptibility rates and improved incident response with help from the SecurityIQ PhishNotify email reporting tool.

In this Q&A, the company discusses how they’ve used SecurityIQ to boost employee security awareness and stay HIPAA compliant.

Why Did You Pick SecurityIQ as Your Awareness Training Solution?

We looked at a few other platforms, but picked SecurityIQ because of its pricing structure. Access to all training content was included in every account tier. This was a big factor in our decision-making process.

Before SecurityIQ, we’d administer security training during the onboarding process. We would cover password hygiene and how to report an incident, but that was it. With SecurityIQ, we now have the ability to reinforce training year-round on specific topics like PHI regulations. This ensures security is fresh in everyone’s mind.

Tell Me About Your First Phishing Campaign. How Did Employees Perform?

We ran a phishing simulation before launching our (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Megan Sawle. Read the original post at: