Gone Phishing for Cybersecurity Awareness Month

In October, we recognized Cybersecurity Awareness Month by baiting you with 14 phishing email drills. Phishing messages are designed to appear as legitimate emails from authentic senders. That’s how they hook you in and get you to click bad links or open malicious files that could potentially harm our HM patient data and systems. During the drills, a parking violation email was so realistic that nearly 8,000 HM recipients clicked the link. Several even contacted TMC Security directly (see the section below).

“It only takes one,” said Scott Blough, CISSP, HM interim chief information security officer. “If one person lets their guard down, our systems and data are at greater risk. Cybercriminals are relentless in their efforts to breach our security systems. So, we all must be equally relentless in preventing access.”

Every year, our cybersecurity team prevents nearly 100 million online attacks. That’s close to 1.8 million attacks per week or three attacks every second! In the time it takes you to read this article, 900 HM cyberattacks will have been blocked.

Practice for the real thing

During October, an average of 16% of you reported one of our phishing drill messages. By comparison, in October 2022, only 11% reported it. While we’ve made progress, we need everyone catching and reporting these attacks. During this year’s drill, we caught more than 108,000 phish. At the same time, we got lured by 24,600 bad clicks of links and files. If those had been real cyberattacks, that’s 24,600 times our data could have been compromised.

Tips for catching a phish

Let’s take a closer look at three messages from our October phishing drill, to give you tips on how to spot a phish in the future.

Code of Conduct Violation

On Monday, Oct. 2, you received a message regarding a recent code of conduct violation.

Red Flags

  • The external sender banner indicated the message was sent from outside of HM.
  • Instead of coming from “@houstonmethodist.org,” the email address was from “@corp-int.”
  • The email signature line was vague and didn’t include HM.
  • The message included a questionable attachment, which you were strongly urged to open.

Results

  • More than 7,700 (16%) reported this message as suspicious.
  • 6,300 (13%) took the bait and opened the attachment.
  • This is an unfortunate increase from our recent monthly average of 3-4% opens and clicks.

Parking Violation Notice

On Wednesday, Oct. 18, someone imitating Texas Medical Center security sent you a fake parking violation notice.

Red Flags

  • An external sender banner should always raise your level of concern.
  • The message came from a public account (@publicmailservice.com) instead of TMC.
  • It included several links and a photo that was supposedly of your vehicle.
  • The urgent tone pressured you to click a link right away.

Results

  • Nearly 12,000 (24%) reported the message as suspicious, the most of all phishing messages this month.
  • More than 7,900 (16%) recipients clicked at least one of the six links.
  • Many contacted TMC Security directly, which is a great way to determine a message's legitimacy. It's always better to verify than to click the links or open the attachments.

Your Teammates are Trying to Reach You

On Monday, Oct. 9, you received an email claiming to be from Microsoft Teams, saying that your teammates were trying to reach you. The message attempted to bait you into clicking a link that would supposedly let you reply in Teams.

Red Flags

  • The external sender banner signaled to be on alert.
  • While the message claimed to be from Microsoft Teams, the sender's email address was from "maildeliverysystem.net."
  • There were several spelling, grammar and capitalization errors.
  • The message included a confusing request with a vague deadline.

Results

  • 4,800 (10%) reported this as suspicious.
  • More than 2,500 (5%) clicked a link.
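The red flags listed for the three drill messages can be applied mechanically as well as by eye. The following is an added example, not part of this newsletter or of HM's reporting tools: it reads one raw email and returns the red flags that apply (external sender, a display name claiming a brand the sender domain cannot back, an attachment, several links, urgent wording). The internal domain, the brand-to-domain mapping, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "houstonmethodist.org"  # assumption: HM's own mail domain
# Assumed mapping of brands a display name may claim to the domains that really send for them.
BRAND_DOMAINS = {"microsoft teams": {"microsoft.com", "teams.microsoft.com"},
                 "tmc security": {"tmc.edu"}}
URGENT = re.compile(r"\b(immediately|urgent|within 24 hours|final notice)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+")

def red_flags(raw: str) -> list:
    """Apply the drill write-ups' red flags to one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    flags = []
    if domain != INTERNAL_DOMAIN:
        flags.append("external sender")        # the external sender banner case
    for brand, good in BRAND_DOMAINS.items():  # display name claims a brand the domain can't back
        if brand in name.lower() and domain not in good:
            flags.append(f"claims '{brand}' but sent from {domain}")
    body, attachments = "", []
    for part in msg.walk():                    # collect attachments and the plain-text body
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if attachments:
        flags.append("attachment: " + ", ".join(attachments))
    links = LINK.findall(body)
    if len(links) >= 3:                        # the parking notice carried six links
        flags.append(f"{len(links)} links")
    if URGENT.search(body):
        flags.append("urgent wording")
    return flags

# Constructed sample modelled on the Teams drill (not the real drill message).
TEAMS_DRILL = """From: Microsoft Teams <notify@maildeliverysystem.net>
To: staff@houstonmethodist.org
Subject: Your teammates are trying to reach you
Content-Type: text/plain

You have 3 unread message. Please Reply IMMEDIATELY in Teams:
https://maildeliverysystem.net/teams/reply
https://maildeliverysystem.net/teams/open
https://maildeliverysystem.net/teams/settings
"""
```

Running `red_flags(TEAMS_DRILL)` reports all four of that drill's red flags, while a plain internal service-desk notice from houstonmethodist.org returns an empty list.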

How to report a suspicious message

Identifying and avoiding a suspicious message is only part of the battle. It's equally critical that you report potential phish, because a report triggers automatic defenses that confirm whether a message is a real attack and remove it from all HM mailboxes. Reporting a suspicious email is quick and easy. To report a phish from Outlook, use either of these options:

  • Click the Report Phish – Phish Alarm button in your Outlook. On smaller screens, select the three dots in the upper-right corner to view the option.
  • Click the Report Suspicious button on the External Sender banner (automatically visible for any messages coming from outside HM).

Thank you and continue to remain vigilant

To remain safe, it’s critical to stay alert for suspicious messages. Similar phishing drills will continue to ensure we’re all prepared, so we must remain vigilant. We all have a responsibility to protect our HM data, and we’re all in this together.