Posted: 2 Min ReadExpert Perspectives

BlackHat 2018: Did Mayo Clinic Just Diagnose an Antidote to Phishing?

Testing a new way to promote behavioral changes to help employees better recognize phishing scams, the hospital reveals some surprising results

Organizations have tried nearly everything to get their employees to pay closer attention to the danger posed by phishing. The message is just not getting through.

In the latest edition of Symantec's Internet Security Threat Report, for instance, 71% of the targeted attacks detected last year were found to have used spear phishing to steal the targeted user's credentials.

In part, chalk it up to attackers who are increasingly sophisticated. In the past, it was easier to spot phishing emails given the prevalence of poorly designed emails and websites filled with typos and other grammatical errors. Unlike the average phisher a couple of decades ago, contemporary practitioners are well-schooled in social engineering and quite skilled at what they do.

And as the profile of a typical phisher has changed, it’s become increasingly harder to distinguish phishing sites apart from legitimate sites. The upshot: Too many victims get fooled into giving away their passwords, credit card numbers and other important information. 

But the Mayo Clinic has been testing what it calls a “technology and human solution” designed to promote behavioral changes and help employees to better recognize phishing scams.

Three years ago, Mayo set up a continuing security awareness program and created what it describes as InfoSec Ambassadors. These are volunteers from within the organization charged with raising awareness and reminding employees of the role they play in keeping Mayo’s networks secure. At last count, Mayo had 289 active ambassadors, up from 144 when the program began in 2015.

Each ambassador is expected to make a one-year commitment and be ready to devote 2 to 3 hours to the task each month. Mayo also updates employees about current infosecurity news with a monthly newsletter targeted at a more general audience that may not be intimately familiar with the ins and outs of cyber security.

“When you’re working in a hospital, your first thought is to treat the patient and it may not be security. But when you explain that security is part of the whole patient strategy, they get it,” said Kingkane Malmquist, an information security analyst from Mayo.

At the same time, Mayo has been carrying out simulated phishing campaigns to test employee responses. The early batch of findings, which were revealed this week at the BlackHat conference, offer encouraging evidence that change is possible as increasing percentages of employees recognized phishing attempts:


  • 6 Campaigns
  • 63,831 Total Average Emails Sent
  • 32.9% Reported Phish


  • 8 Campaigns
  • 66,010 Total Average Emails Sent
  • 44.4% Reported Phish


  • 5 Campaigns
  • 66,882 Total Average Emails Sent
  • 52.1% Reported Phish

Visit Symantec at BlackHat:

See our cryptojacking simulation and visit us at booth #912 at Black Hat where you can view the simulation during Business Hall hours (10 a.m. – 7 p.m. PT on Wednesday, August 8 and 10 a.m. – 5 p.m. PT on Thursday, August 9).

Health-related data, which includes not just patient data but also financial data, clinical research and intellectual property, remains a particularly appealing target for malicious actors. In the last few years, cyber attackers have repeatedly used phishing scams to gain control of hospital networks – in some cases shutting down hospitals and impacting care delivery until they receive ransom payments.

So, any movement in the right direction would be welcome - especially at a health institution like Mayo, which employs more than 63,000 staff members, including 4,729 physicians and scientists. 

“In the end, everyone has a role here in keeping Mayo Clinic safe,” Malmquist said. “When you provide people with the right motivation and you help raise their awareness, it's possible to create changes in behavior.”

Symantec Enterprise Blogs
You might also enjoy
6 Min Read

Yes, We Used a Router to Fry an Egg and Here’s Why

As attackers turn to cryptojacking to make money, they’re adding wear and tear to your devices – and raising the risk of a meltdown

Symantec Enterprise Blogs
You might also enjoy
5 Min Read

New Urgency in Healthcare to Combat 4 Emerging Security Threats

Increasingly sophisticated digital thieves are stepping up their efforts to steal valuable health-related data

About the Author

Charles Cooper

Consulting Editor

Charles Cooper has covered technology and business for more than 25 years. He is now assisting Symantec with our blog writing and managing our editorial team.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.