Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. JAMA study highlights the dangers of phishing attacks for health care organizations

      Articles

    Article

    JAMA study highlights the dangers of phishing attacks for health care organizations

    April 11, 2019

    LinkedInX (Twitter)EmailCopy URL

    By Valerie Montague

    Phishing simulations decreased the odds of an employee clicking on a malicious email, emphasizing the need for organizations to train their workforces.

    On March 8, 2019, JAMA published a study analyzing the effects of simulated phishing emails at U.S. health care organizations. Concluding that the click rates for the simulated phishing emails present a big cybersecurity risk for health care organizations, the study provides helpful insight into how to prepare an organization’s workforce to detect harmful emails.

    Phishing emails are deceptive communications intended to trick recipients into disclosing their security credentials or otherwise sharing sensitive information. Oftentimes, a sender’s identity is spoofed, tricking the recipient into thinking that the email originated from within their organization or that it was sent by a colleague or superior. Hospitals and other health care organizations are attractive targets of cyberattacks, as they have high-value personal and health data.

    The study analyzed six health care organizations across the United States as they participated in simulated phishing emails between August 1, 2011 and April 10, 2018. The phishing emails fell into three categories: office-related, personal, and information technology-related. The emails were sent to employees in all types of roles. In total, approximately 2.9 million simulated phishing emails were sent, and recipients clicked on approximately 422,000 of them (approximately 14%). This means that the employees from the studied health care organizations clicked on an average of almost one in seven of the simulated phishing emails.

    The study showed that the median click rates were higher for the information technology-related simulated phishing emails (18.6%) than the office-related emails (12.2%).

    The study noted that repeated phishing simulations decreased the odds of an individual clicking on a simulated phishing email, which highlights the importance of the phishing simulation process and other forms of personnel training on these types of attacks.

    As hospitals and other health care organizations face financial and care-related consequences from cyberattacks, this study emphasizes the need for health care organizations to train their workforces on cybersecurity best practices, including through simulated phishing emails. As the study noted, it only takes one successful phishing incident to paralyze a system that is critical to the patient care provided by a health care organization. The study cited to several elements that may make a health care organization more vulnerable to a cyberattack, including a continuous stream of new employees, the use of a large number of information technology systems, and devices and systems that are highly interdependent. It also discussed other techniques that health care facilities can use to prevent or limit personnel from clicking on phishing emails, including using technology to try to filter suspicious emails and indicate on emails when they are sent by a person outside of the organization.

    Copyright © 2019, American Health Lawyers Association, Washington, DC. Reprint permission granted.

    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved