Phishing attacks targeting hospitals : A study over phishing knowledge at Blekingesjukhuset

Abstract: Context. Phishing emails is a type of computer attack targeting users and tries to trick them into giving out personal information, follow shady links or download malicious attachments. Phishing is often closely linked to ransomware, which is a type of attack that locks a users computer and asks for a ransom in order to give access back. Ransomware viruses often contaminate a computer through a phishing email. Hospitals are a growing target for these types of attacks because of their need of being able to access their system at all times. Objectives. This study intends to research the phishing knowledge among employees at Blekingesjukhuset and whether Blekingesjukhuset is at a risk of falling victim to a ransomware attack through a phishing email opened by an employee. Methods. This is researched by reading relevant literature and a survey sent out to employees at Blekingesjukhuset regarding their phishing knowledge. Results. The results show that the participants of the survey where overall unsure on how to detect phishing emails and thought that knowledge about the subject is necessary. Conclusions. The conclusion was made that the employees did not know what to look for in order to determine whether an email is a phishing email or not. Based on this information the conclusion can be made that it does exist a risk of Blekingesjukhuset falling victim to a ransomware attack through a phishing email unintentionally opened by an employee.