Mitigating Phishing Attacks in Healthcare Institutions: A Need for Comprehensive Incidence Response Plan

Authors

  • Albert Nkrumah, Akenten Appiah-Menka University of Skills Training and Entrepreneurial Development, Kumasi, Ashanti Region, Ghana
  • George Asante, Akenten Appiah-Menka University of Skills Training and Entrepreneurial Development, Kumasi, Ashanti Region, Ghana
  • William Asiedu, Akenten Appiah-Menka University of Skills Training and Entrepreneurial Development, Kumasi, Ghana

DOI:

https://doi.org/10.33022/ijcs.v14i6.4764

Abstract

In recent years, the healthcare industry has witnessed a sharp increase in the number of security breaches, particularly phishing incidents, leading to the compromise of millions of sensitive patient records. The study aimed to explore phishing attacks in healthcare. Specifically, it sought to investigate the prevalence of phishing attacks within community hospitals and to develop comprehensive incident response plans that outline the steps to be taken in the event of a phishing attack. The study developed comprehensive and effective strategies for mitigating the risk of phishing attacks within community hospitals in Kumasi Metropolis. A quantitative research approach was adopted. The target population comprised IT professionals and healthcare administrators of community hospitals in Kumasi Metropolis. From the target population, a total of 9 hospitals were selected, from which 97 respondents were drawn. Simple random and purposive sampling techniques were used to choose the community hospitals and participants, respectively. A structured self-administered questionnaire was used to gather the required data. The study revealed a high frequency of phishing attacks on community hospitals, with 57.7% encountering phishing attacks 1-2 times within 1-2 years, 6.4% experiencing a number of phishing incidents over 3-4 years, and 42.3% experiencing more than 5 phishing attacks within 1-2 years. The findings revealed that community hospitals frequently encounter several types of phishing attacks, including smishing, spear phishing, email phishing, clone phishing, vishing, and whaling attacks. The study concludes that implementing the ACSC Incident Matrix 2022 framework would be instrumental in helping hospitals effectively assess and manage cyber threats. It was recommended that CSA, in collaboration with the MoC and Ghana Health Service, should launch national awareness campaigns focusing on the dangers of phishing attacks, particularly within the healthcare sector.

Published

21-12-2025