This is how the AVL hospital alerts staff to phishing

Handling information carefully is always important, but in healthcare, where many people work with sensitive patient data, it is crucial. Especially in hospitals, the security of information must not be jeopardised, according to Joost Boele, information security officer at the Antoni van Leeuwenhoek hospital.


Humans are an important link in security strategy

‘Genetics do not change,’ says Joost. ‘If data from a medical file are leaked, the consequences will last a lifetime. Not only does it have an impact on the person concerned, but also on their immediate family. Awareness of this is starting to sink in. It's good that the rules of the General Data Protection Regulation (GDPR) and NEN 7510 play such an important role.’

Phishing simulation provides insight into security awareness

‘Prevention is an important aspect of information security,’ says Joost. ‘It's in technical measures that nobody sees, but people's behavior also plays an important role. You can positively influence behavior in a number of ways, for example with a phishing test or security awareness training. Phishing tests are one of the more imaginative ways of testing how your organization is doing in security awareness.’

This is how phishing simulation works

‘When you bandage someone in the emergency room, you learn that blood belongs inside the body and bacteria outside. In information security, the rule is: data belongs inside the organization, hackers belong outside. Those are the 2 things I’m trying to achieve. Infosequre's phishing tool helps with that. The data from the tests give us insights we can act on.’

A phishing test works as follows:

  1. You choose a message from existing e-mail templates to send to your organization. Infosequre takes care of sending the message.
  2. Employees who click on the link will immediately receive focused feedback on the landing page. This way they will learn to recognize the phishing signals.
  3. You will receive a report with the results of the test. You will see how many people clicked on the link, how many downloaded the images in the email and how many left their details on the phishing website.

The more tests you send, the more trend insights you get. This allows you to see how much progress has already been made and which challenges still lie ahead.

Significant decrease in clicks

Joost has noticed that as people become more aware of the risks, there are fewer clicks. ‘I am satisfied with the decrease in the percentage of clicks, but as a research institute we remain critical. We do not draw any hasty conclusions. In the last phishing test, very few employees clicked on the link, but every click is one too many. That is why we will continue to work on security awareness.’

“We continuously pay attention to employee awareness. We measure the effectiveness of interventions and respond to them. We use data from the phishing tool for this.”

Reasonably priced

With Infosequre's phishing tool, it doesn't matter how many phishing tests you want to do. You buy the tool for a fixed period. Then you choose from a selection of ready-made phishing templates and confront your employees with realistic phishing mails and text messages. Everyone who clicks on the link immediately receives focused feedback. In case of a real attack, employees will know what to look out for.

‘The benefit of Infosequre is that you are not bound to a total awareness package,’ says Joost. ‘There are many companies that sell training courses for tens of thousands of euros, but every euro that the hospital doesn't spend on external matters can go to cancer research. The pricing model of the phishing simulation tool is flat. And that offers a lot of peace of mind. Whether I deploy 3 or 50 phishing mails a year, the price remains the same.’

“We do not deploy the phishing tool every year without reason. Moreover, you can send an unlimited number of mails, which suits our security strategy very well.”

Positive reactions

Carrying out phishing simulations to test employees’ awareness is well received at the hospital. Joost says: ‘The reactions are overwhelmingly positive, even up to the Board of Directors. Employees say they think it's useful and important that we do this. The phishing campaign stirs up conversation and that in turn is contributing to awareness.’


Anonymous phishing test

‘The phishing tool collects click data anonymously. That's nice in a world where the GDPR is ever present. Privacy is more important than ever,’ says Joost. ‘It helps me that I can assure my colleagues that the results of the phishing tests will remain anonymous. It is not my intention to judge employees on their clicking behavior. If I go around the hospital policing employees, nobody will want to work with me anymore. And that's exactly the opposite of what I want. I want to make it safer here.’

