Evidence Based Cybersecurity

Phishing attacks and the implementation of Multi-Factor Authentication (MFA) are critical areas of focus in the Center’s Evidence-Based Cybersecurity research, which aims to enhance the security posture of healthcare organizations.

Phishing in Healthcare

Phishing remains a predominant threat vector in the healthcare sector, often leading to significant data breaches and operational disruptions.

  • Prevalence of Attacks: Phishing is the leading infection vector in cyberattacks, with four out of ten attacks starting with phishing, marking a 33% increase from the previous year. 
  • Impact on Data Security: Approximately 80% of healthcare data breaches involve phishing or social engineering tactics, underscoring the sector’s vulnerability to such attacks. 

Multi-Factor Authentication (MFA) in Healthcare

Implementing MFA is a proven strategy to mitigate unauthorized access resulting from compromised credentials.

  • Legislative Initiatives: Recognizing the critical need for robust cybersecurity measures, U.S. senators have proposed legislation mandating the adoption of MFA and other security standards in healthcare organizations. 
  • Implementation Challenges: Despite its effectiveness, the adoption of MFA in healthcare settings faces challenges, including integration with existing systems and potential impacts on clinical workflows. 

The Center’s research focuses on developing evidence-based strategies to combat phishing and facilitate the seamless integration of MFA, thereby strengthening the cybersecurity resilience of healthcare organizations.