Phishing attacks via email are the No. 1 security threat to healthcare. Remember, think before you click!

IT & Epic

Ballad Health’s IT organization is conducting simulated phishing attacks across all of Ballad Health to raise team member awareness about how to recognize a real phishing attack and hopefully prevent future compromises of Ballad Health login credentials when a real attack occurs.

You don’t want to be the one who falls for a phishing attack! Repeated failure during any phishing exercises or falling victim to a real phishing attack may result in written corrective action.

Remember, phishing attacks pose a significant risk to our patients, ourselves and our organization. These attacks can destroy information, allow hackers to steal information or allow them to shut down our systems until we pay a ransom. While additional information on cybersecurity will be shared across Ballad Health, it is important to remember to treat every electronic communication as a potential attempt to steal data and/or shut down our access to our data.

What is phishing?

Phishing is a technique used by hackers to gain access to or insert malware into our computer systems. These hackers use email to trick users into responding to the original malicious email, clicking on bogus links, opening attachments that download malware, or entering confidential information – such as a username and password.

What to look for

There are common clues that can help you identify a phishing attack as soon as it hits your inbox. Be on the lookout for these signs:

  • Offers that are too good to be true;
  • Messages that create a strong sense of urgency;
  • Emails that appear to be work-related but use an email address that is not from balladhealth.org, or one that only looks similar to balladhealth.org;
  • Language, tone or signature inconsistent with the supposed sender;
  • Emails that pressure you to bypass or ignore our security policies;
  • Emails that contain a generic greeting;
  • Emails that appear to come from the organization, but are from an external source. (Note: There is a banner at the top of any email which is always displayed when the email originates from a non-Ballad Health email account. If you see this banner, the email is external and could be a phishing attack.)

Will a phishing attack work from my phone?

Yes. Any email account can receive a phishing email from hackers. People who consistently read their email from their phone are the ideal target for attackers. This is because when using your smartphone it’s harder to determine if a web link is valid than it is when accessing it on a desktop device. If you read your Ballad Health email from your phone and you touch a web link and are prompted for your credentials, simply stop and exit the email application. Do not enter your credentials.

A Webex presentation about phishing and cybersecurity at Ballad Health is housed on our Corporate Compliance Department site.

What to do about a phishing email

  • If you suspect you’ve received a phishing email in your Ballad Health Outlook inbox, you can report it by using the “Phish Alert” button at the top right when you’re in the email. Click on the button and follow the instructions.
  • If you do not have the “Phish Alert” button, immediately log a Service Request in ServiceNow to report the suspected phishing email. To locate ServiceNow from the Ballad Health intranet, click on “Wellnet” in the top left corner, and then under “Quick Links” on the left side of the page scroll down to click on “ServiceNow.” From there, click on “Request for Service.”

Thank you for your attention and your diligence in protecting our system!