The premier resource for hospital professionals from Relias Media, the trusted source for healthcare information and continuing education.
Want Effective Training on Ransomware? Have `Men in Black’ Attack Aliens
September 1st, 2016
With increasing reports of ransomware hitting hospitals and outpatient practices, and most of those attacks due to human error, healthcare providers are looking for effective and fun ways to train their staffs. For one hospital, that means dressing up like characters in the “Men in Black” movies and attacking “aliens” that are trying to invade the facility’s computers.
At UMC Health System in Lubbock, TX, the “aliens” are suspicious downloads and USBs, infected devices, and similar items. When someone contacts the Information Security (IS) staff to report something suspicious, those staff members show up dressed like the ‘Men in Black’ and give out a toy alien to put next to the computer or another infected device. The clinicians love the fun, and it has built support and trust with the Information Security staff.
The efforts don’t stop there. The IS staff run a competition on phishing and publish the results in a “Phish Market” newsletter. They create phishing emails and send them to staff from outside email addresses. They try to look as legitimate as possible to see who they catch. The staff monitor who clicks on the links. The staff members who don't click end up in the ‘Phish Market,’ and they also receive a T-shirt to make it fun.
“The competition has raised the visibility of phishing, the most popular way of infecting devices and getting ransomware into a network,” says Ellen M. Derrico, MBA, a marketing/market development executive in healthcare and life science technologies and an independent consultant in West Chester, PA. “It has also reduced phishing success by over 70% and increased the clinician satisfaction with IT by 88%.” (For more information on how to avoid and respond to ransomware, see the upcoming October issue of Same-Day Surgery.We'll be tweeting @SameDaySurgery when its posted. Also keep up with ongoing ransomware news in our Healthcare Risk Management newsletter.)
Joy Daughtery Dickinson is executive editor of the hospital group of publications at AHC Media in Atlanta and long-time editor and writer of Same-Day Surgery. She has won nine national awards from the Specialized Information Publishers Association and the Association of Business Information & Media Companies for her blogging, news writing, and editing. She makes her home in southwest Georgia.