Select Page

Caught in the Net: Enhancing Cybersecurity Culture Through the Good Catch Program

Cyberattacks increased by 44% in 2025 and an alarming 75% started by email according to Check Point Software Technologies, 2025. For Houston Methodist, the impact of a cyberattack would be devasting – putting our patient data at risk and crippling our ability to rely on the systems that help us deliver exceptional care. On average, HM IT catches and blocks 24,152 potentially harmful phishing emails monthly. Unfortunately, only a fraction, around 5,834, were actively reported by you. Our stats could be higher if we had your help. That’s why we’re introducing the Good Catch program this April.

Introducing the Good Catch Program

The Good Catch program is a monthly spotlight on HM team members who actively defend our patient data and systems by identifying and reporting real phishing attempts. “This program is more than just recognizing our team members or even heightening their awareness by getting them to identify suspicious activities — it’s a strategic initiative that emphasizes employees as a key part of our cybersecurity strategy. It aims to reduce cybersecurity risks by influencing employees’ actions and behaviors to prevent breaches and safeguard our HM systems,” says John Mowery, vice president and chief information security officer. “While awareness is important, true security comes from sustained behavior change and a culture that prioritizes vigilance.”

Showcasing Real-World Phishing Tactics and Success Stories

Each month, an ever-vigilant “catcher” will be selected from a pool of employees who’ve successfully reported a real phishing attempt. These employees will be featured in the IT Matters newsletter, sharing how they effectively identified the attempt. To enhance our cybersecurity skills, we’ll provide practical strategies for spotting and mitigating threats by highlighting key warning signs, how the phish was caught and the impact of reporting them.

Catching The Phish

To help you identify phishing attempts, consider these pointers:

  • Is the offer too good to be true?
  • Does it include urgent or alarming language?
  • Does it have poor spelling, grammar or generic greetings?
  • Are there suspicious links or strange requests?

 

Your quick action helps us assess and neutralize threats and gives you a chance to be recognized for your good catch. Stop ignoring and start reporting! If you receive a suspicious email or text, don’t just delete or ignore it—report it! Reporting phishing signals our system to remove the phish from the mailboxes of other HM team members. This is just one example of how HM actively assesses, analyzes and quickly responds to cyber threats.

To report a suspicious email, click the PhishAlarm button located in the Outlook toolbar (on smaller screens, select the set of three dots in the upper-right corner to view the option). Alternatively, click the Report Suspicious button located in the External Sender header (automatically visible in any email coming from outside HM).

A Good Catch

Here’s a recent good catch to get us started: A team member reported visiting an incorrect Microsoft page, which appeared legitimate and displayed location information. However, they noticed several red flags:

  1. The image was overwhelming, with numerous alerts for urgent action.
  2. The first window contained a typo: “Windows_security” instead of “Windows Security”.
  3. The message stated “Access to this computer has been blocked” while the computer remained on, which was suspicious since the computer should have powered off or logged the user out if access was truly blocked.
  4. Though Admin Login location and IP address could be correct, this information can be easily accessible through the internet service provider or Google.

Recognizing these issues, the employee didn’t enter any information and immediately reported the attempt to IT.

Why Reporting Matters

To combat phishing threats effectively, we must report them. While ignoring suspicious emails prevents immediate harm, reporting them plays a crucial role in protecting our patients’ data and HM systems. When you report phishing attempts, the system automatically flags the threat and removes it from others’ inboxes, enhancing everyone at HM’s safety. By participating in the Good Catch program, you’re helping to keep HM more secure.

Our Shared Responsibility

“The Good Catch program is our collective call to action to foster a security-minded culture. By reporting phishing attempts, you not only protect our patients but also fortify our defenses against cyber threats,” says John Mowery. “Let’s make cybersecurity a shared responsibility and ensure every ‘Good Catch’ counts.”