Common Threats
Protecting PHI
Email & Phishing
Device Safety
Cyber Terms Made Easy
100

A fake email pretending to be from your hospital asking for your login info.

What is phishing?

100

This act protects patients' private health information.

What is PHIPA?

100

If an email looks strange or urgent, you should do this.

What is don’t click — report it to IT?

100

This keeps your phone or laptop locked when not in use.

What is a password or passcode? 

100

The “P” in PHIPA stands for this.

What is Personal?

200

Accidentally clicking on a fake link can cause this to infect your computer.

What is malware?

200

You should never leave a computer with patient info like this.

What is unlocked or unattended?

200

Avoid clicking links or downloading these from unknown emails.

What are attachments?

200

Always do this before walking away from a workstation.

What is lock the screen or log out?

200

VPN stands for this and keeps your internet use private.

What is Virtual Private Network?

300

An attack that locks hospital systems and demands payment.

What is ransomware?

300

Only access patient records when you have this.

What is a work-related reason or need-to-know basis? (Circle of Care) 

300

Phishing emails may pretend to be this internal department.

What is IT or HR?

300

When you leave USB drives lying around, you risk this.

What is a data breach?

300

These updates fix security holes in your apps.

What are software patches?

400

A cybercriminal pretending to be IT support over the phone.

What is social engineering?

400

This should never be shared, even with coworkers:

What is your password?

400

An email says your account will be closed unless you click right now. That’s a sign of what?

What is urgency — a phishing trick?

400

Installing software from unofficial websites can do this.

What is infect your device with malware?

400

This simple rule: only access the information you need to do your job.

What is the "need-to-know" principle?

500

A hacker overloads a system so it stops working, possibly during emergencies.

What is a Denial of Service (DoS) attack?

500

When you see a patient record you shouldn’t access, it’s a violation of this.

What is patient confidentiality?

500

A real hospital email will never ask for this via email.

What is your password or login info?

500

If a coworker needs your login, you should say this.

What is no, sharing logins is against policy?

500

The three key goals in data security: Confidentiality, Integrity, and this.

What is Availability?
