One of the largest gastroenterology practices in the United States, Atlanta Gastroenterology Associates (AGA) is dedicated to the evaluation and treatment of digestive and liver diseases, providing care to thousands of patients each day.
AGA’s IT environment includes a primary and backup data centre located in the Metro Atlanta area. Supported by an eight-person in-house IT team, the environment supports more than 750 employees and workstations across the organisation.
The push to digitize healthcare records over the past five years has streamlined patient care and enhanced the ability of providers to share information. Along with those benefits came significant risk as malicious actors began targeting patient information being stored and transmitted digitally. Well aware of this risk, AGA prioritised information security early on.
“We knew we had to take proactive steps to ensure that our patients’ healthcare information and other company data remained protected at all times,” said Jon Challen, IT Director and Chief Security Officer at AGA.
AGA had a well-protected IT environment, but they began seeing an increasing number of advanced phishing attacks targeting individual employees. These attacks tried to obtain sensitive information, such as usernames and passwords, by disguising emails as trustworthy communications.
“We really didn’t have a good gauge of how our employees would respond to active attempts to steal information through phishing attacks,” said Challen. To determine the organisation’s risk level and each employee’s ability to identify phishing attacks, AGA began looking for a phishing simulation solution.
"Providing Phish Insight at zero cost demonstrates Trend Micro’s commitment to helping organisations protect sensitive information—and they continue to actively develop and adapt their solutions to confront the latest security issues."
IT Director and Chief Security Officer
Atlanta Gastroenterology Associates
Why Trend Micro
AGA began working with Trend Micro 12 years ago when it replaced its workstation-based antivirus protection software with centrally-managed Trend Micro™ OfficeScan™ and Trend Micro™ ScanMail™ software, which continue to protect the organisation today. After looking at several alternatives, AGA selected Trend Micro™ Phish Insight for its phishing simulation solution, which is a free security awareness service.
“Providing Phish Insight at zero cost demonstrates Trend Micro’s commitment to helping organisations protect sensitive information—and they continue to actively develop and adapt their solutions to confront the latest security issues,” said Challen.
"Phish Insight really is a home run for AGA security. Its dashboards and reports make it easy for us to measure and demonstrate our employees’ aptitude and progress."
IT Project Manager
Atlanta Gastroenterology Associates
Trend Micro™ Phish Insight enables AGA to test the security awareness of its employees against social engineering and educates them to quickly and efficiently spot attacks. Phishing simulations help increase employee awareness of attacks by 25 percent. By combining Trend Micro’s phishing simulation with its awareness training, AGA can take a holistic training approach that will make its employees more resilient against these threats—and the solution is easy to use.
“From initial solution startup to sending out our first simulations, the process took just minutes, not hours or days,” said Richard Eells, IT project manager at AGA.
Phish Insight is a Software as a Service (SaaS)–based phishing awareness tool, so AGA’s IT security team can access the solution using a standard web browser. With predesigned templates that mimic real-world attacks without any of the danger, the solution allows AGA to customise the simulation to meet its requirements.
With Phish Insight, Challen and his team can see who clicked on the simulated phishing email, what operating system they were using, and what browser was used. Reporting also tracks whether recipients opened attachments and whether they input sensitive data into simulated webpages. “Phish Insight really is a home run for AGA security. Its dashboards and reports make it easy for us to measure and demonstrate our employees’ aptitude and progress,” said Eells.
After rolling out Trend Micro Phish Insight in a phased approach across the company, AGA recognised several significant benefits. For example, the security team realised that they did not have many users interacting with phishing exploits, and the solution helped users understand that it only takes one issue to cause potentially disastrous results.
“Phish Insight helped me realise that the sky is not falling. It helps us increase security awareness among users so that they feel more empowered to focus on their jobs,” said Challen. “Their job is to care for patients and provide the best GI care possible, not to have to worry about information getting into the wrong hands.”
Since sending phishing simulations to its users, AGA has seen a marked increase in phishing reports to the company’s help desk, indicating greater security awareness across the organisation. By providing baseline data, Phish Insight allows Challen to demonstrate the impact of phishing simulations and security training to senior leadership. “The reports really show the value of security training and validate our efforts to stop phishing attacks before they impact the organisation,” he said.
Looking ahead, AGA plans to look for ways to identify and stop threats before they reach users. For example, Trend Micro offers solutions that include sandbox capabilities to isolate malicious emails and links before they even get to employees. “Trend Micro will always have a role in any AGA security initiative,” said Challen.