NHS staff have to be an integral part of any serious security posturing, and that means effective ongoing awareness training
Digital Health News recently reported that a security breach prompted the East Anglian Air Ambulance (EAAA) service to issue a warning about the dangers of phishing. The warning was aimed at both staff and the public, and centred on the risk of receiving a malicious spoofed email from within the EAAA. “If you receive an email from someone you know within our organisation with the subject line: ‘Update message from …’ please do not open it and delete it immediately,” the statement read.
Good advice in the circumstances, and EAAA – which is a charity – did the right thing in getting that statement out as quickly as possible. But that’s where the positivity, such as it is, ends for me. The breach was the result of a staff email account being hacked, with organisational contacts then being sent the phishing email, and that underscores a common problem: a lack of meaningful cybersecurity awareness among health and care employees.