
Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system.

Affiliations

Division of General Internal Medicine and Primary Care, Brigham and Women's Hospital, Boston, Massachusetts, USA.

Harvard Medical School, Boston, Massachusetts, USA.

Publication information

J Am Med Inform Assoc. 2019 Jun 1;26(6):547-552. doi: 10.1093/jamia/ocz005.

DOI:10.1093/jamia/ocz005
PMID:30861069
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC6515532/
Abstract

OBJECTIVE

The study sought to understand the impact of a phishing training program on phishing click rates for employees at a single, anonymous US healthcare institution.

MATERIALS AND METHODS

We stratified our population into 2 groups: offenders and nonoffenders. Offenders were defined as those who had clicked on at least 5 simulated phishing emails, and nonoffenders as those who had not. We calculated click rates for offenders and nonoffenders before and after a mandatory training program for offenders was implemented.
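The stratification and click-rate calculation described above, as an added worked example (not code from the paper or its authors): the per-employee click records are constructed, the offender threshold of 5 clicks and the training cutoff after campaign 15 come from the abstract, and the window over which the 5 clicks are counted is an assumption (defaulting to the pre-training campaigns 1-15, since the abstract does not state it).

```python
"""Click-rate analysis for a phishing-simulation program, stratified by risk group.

Added illustration, not code from the paper. The click records below are
constructed; the offender definition is applied to a configurable window of
campaigns (assumed: the pre-training campaigns 1-15).
"""

OFFENDER_THRESHOLD = 5    # clicked on >= 5 simulated emails => "offender" (paper's definition)
INTERVENTION_AFTER = 15   # mandatory training for offenders began after campaign 15 (paper)
N_CAMPAIGNS = 20

# Constructed sample: employee id -> set of campaign numbers (1-based) in which the
# employee clicked the simulated phishing link. Employee F is the instructive case:
# 4 clicks before training and 5 after, so the definition window decides the group.
SAMPLE_CLICKS = {
    "A": {1, 2, 3, 4, 5, 6, 17},
    "B": {2, 4, 6, 8, 10, 16, 18},
    "C": {1, 9},
    "D": set(),
    "E": {3, 19},
    "F": {1, 2, 3, 4, 16, 17, 18, 19, 20},
}


def stratify(clicks, window=range(1, INTERVENTION_AFTER + 1), threshold=OFFENDER_THRESHOLD):
    """Split employees into offenders and nonoffenders.

    Only clicks inside `window` count toward the threshold. Counting over all 20
    campaigns would let post-training clicks decide group membership, which biases
    any before/after comparison, so the pre-intervention window is the default.
    """
    window = set(window)
    offenders = {emp for emp, hits in clicks.items() if len(hits & window) >= threshold}
    nonoffenders = set(clicks) - offenders
    return offenders, nonoffenders


def click_rate(clicks, group, campaigns):
    """Clicks divided by emails delivered, for the employees in `group` over `campaigns`.

    Every employee in the sample received every campaign, so the denominator is
    len(group) * len(campaigns).
    """
    campaigns = list(campaigns)
    if not group or not campaigns:
        return 0.0
    hits = sum(1 for emp in group for c in campaigns if c in clicks[emp])
    return hits / (len(group) * len(campaigns))


def pre_post_rates(clicks, n_campaigns=N_CAMPAIGNS, intervention_after=INTERVENTION_AFTER,
                   definition_window=None):
    """Click rate per group before (campaigns 1..k) and after (k+1..n) the intervention."""
    pre = range(1, intervention_after + 1)
    post = range(intervention_after + 1, n_campaigns + 1)
    offenders, nonoffenders = stratify(clicks, definition_window or pre)
    result = {}
    for name, group in (("offenders", offenders), ("nonoffenders", nonoffenders)):
        result[name] = {
            "n": len(group),
            "pre": click_rate(clicks, group, pre),
            "post": click_rate(clicks, group, post),
        }
    return result


def employees_with_at_least(clicks, k):
    """Employees who clicked in at least k campaigns (the abstract reports k = 2)."""
    return sum(1 for hits in clicks.values() if len(hits) >= k)


def employees_who_never_clicked(clicks):
    """Employees with zero clicks across all campaigns (the abstract's 0-click count)."""
    return sum(1 for hits in clicks.values() if not hits)


if __name__ == "__main__":
    rates = pre_post_rates(SAMPLE_CLICKS)
    for name, r in rates.items():
        print(f"{name:13s} n={r['n']}  pre={r['pre']:.3f}  post={r['post']:.3f}")
    print("never clicked:", employees_who_never_clicked(SAMPLE_CLICKS))
    print("clicked >= 2 :", employees_with_at_least(SAMPLE_CLICKS, 2))
```

Running the sample with the default window puts A and B in the offender group; widening `definition_window` to all 20 campaigns also pulls in F, whose five post-training clicks then raise the offender group's post-intervention rate. That sensitivity is the check to run before attributing a before/after difference to the training itself.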

RESULTS

A total of 5416 unique employees received all 20 campaigns during the intervention period; 772 clicked on at least 5 emails and were labeled offenders. Only 975 (17.9%) of these employees clicked on 0 phishing emails over the course of the 20 campaigns; 3565 (65.3%) clicked on at least 2 emails. Click rates decreased for each group over the 20 campaigns. The mandatory training program, initiated after campaign 15, did not have a substantial impact on click rates, and the offenders remained more likely to click on a phishing simulation.

DISCUSSION

Phishing is a common threat vector against hospital employees and an important cybersecurity risk to healthcare systems. Our work suggests that, under simulation, employee click rates decrease with repeated simulation, but a mandatory training program targeted at high-risk employees did not meaningfully decrease the click rates of this population.

CONCLUSIONS

Employee phishing click rates decrease over time, but a mandatory training program for the highest-risk employees did not decrease click rates when compared with lower-risk employees.

