Swansea Bay University Health Board

Defending Against Cyber Threats in Healthcare
In a hurry? Download a PDF of this case study and save it for later!

All organisations are susceptible to cyber attacks but one industry that has been hit particularly hard is healthcare.  

Cyber attacks on global healthcare organisations increased at more than double the rate of those targeting other sectors within the last year according to a recent report by CheckpointThis has resulted in countless breaches and millions of compromised patient records. 

45% increase in ransomware attacks targeting healthcare

Source: HIPPA Journal, 2021

Healthcare organisations collect and store vast amounts of personal information which makes them a major target for cyber attacksPersonally identifiable information (PII) and protected health information (PHI) are highly sought after by criminals as the data can be used for financial fraud, medical identity theft, identify theft, and for crafting convincing phishing emails. 

Modern healthcare organisations also have an extensive network of connected medical devices, all of which can act as a potential threat for attackers. These threats combined with an increase in cyber attacks make securing health data more important than ever. 

NHS Staff Hit by Almost 140,000 Malicious Emails in 2020

Source: Info Security Magazine, 2021

Robust Defence Against Cyber Threats 

To defend against this surge in attacks, Swansea Bay University Health Board partnered with MetaCompliance to increase staff awareness of cyber threats and create a culture of enhanced Cyber Security awareness. 

With over 12,500 staff employed across the board, Swansea Bay UHB identified phishing as a key concern that they wanted to address.  

60% of all healthcare industry data breaches are caused by phishing

Source: Healthcare IT News, 2019

“We wanted a product that could educate our staff and keep awareness of cyber issues fresh in their minds. It was also important that we could effectively track awareness and identify staff members that needed additional training.”

Chris Phillips, ICT Security Manager, Swansea Bay UHB

Protection Against Phishing 

Using MetaCompliance’s award-winning MetaPhish solution, Swansea Bay UHB has been able to educate staff on sophisticated phishing threats and provide targeted training on hoto avoid them. 

By using a safe controlled environment, the health board has been able to send staff customised phishing simulations to measure their awareness of current threats and provide timely education on how they can improve security behaviours.  

Detailed Feedback and Reporting 

Stafmembers that click on a phish are presented with a point of need learning experience that explains what has happened, the potential dangers associated with phishing attacks, and how they can avoid them in the future. 

Using the detailed reporting analytics, Swansea Bay UHB has been able to establish a baseline that measures current awareness levels and provides a benchmark to track the effectiveness of future phishing simulation tests. 

The health board is now able to use this data to identify areas of weakness, tailor training to address gaps in awareness and chart the progress of phishing campaigns over time. 

Enhanced eLearning 

Swansea Bay UHB recognised that to truly enhance awareness levels across the organisation, the phishing training needed to be incorporated as part of a wider Cyber Security awareness program.  

Using MetaCompliance’s innovative eLearning library, the board has been able to create customised eLearning courses that are engaging, informative and address the key risks that pose a threat to the organisation. 

The eLearning is focused on real-life examples and provides targeted learning in short, sharp bursts. Providing staff with easy to consume content, that is relevant to their role, habeen critical to improving security behaviours within the organisation. 

“The MetaCompliance software is a major game-changer for us. We can now effectively keep our staff informed of cyber risk and provide suitable tailored training across the organisation.”

Chris Phillips, ICT Security Manager, Swansea Bay UHB

Customer-Focused Awareness Campaigns 

MetaCompliance works closely with Swansea Bay UHB to design tailored and unique awareness campaigns that are specifically developed to meet the needs of the overall organisation. 

This close collaboration has helped Swansea Bay UHB fully utilise the MetaCompliance platform and create targeted campaigns that deliver on objectives, demonstrate results, and reduce organisational risks. 

“I have to say that I have worked in IT for nearly 40 years and the approach and support we have received from MetaCompliance has been by far the best I have ever experienced. I cannot emphasise how supportive and customer-focused MetaCompliance has been and continue to be. We’ve never had a third-party work with us in this way, it’s amazing."

Chris Phillips, ICT Security Manager, Swansea Bay UHB

Since implementing the software, Swansea Bay UHB has noticed an increase in user awareness, a reduction in phishing, increased reporting, and greater employee engagement.  

This has created a measurable change to the security culture within the organisation and helped demonstrate to the Executive team the importance of making Cyber Security awareness training mandatory for all staff. 

 Your Complete Defence Against Cyber Threats 

MetaCompliance specialises in creating the best eLearning and Cyber Security awareness training available on the market. We’ve combined creativity, expert knowledge, and innovative software to deliver effective and engaging content that helps businesses stay cyber secure and compliant.  

Create Tailored Cyber Security and Privacy Training

For further information on how MetaCompliance can provide the best possible cyber security and privacy training for your staff, get in touch.

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations
  • All fields are required. No free emails.

  • This field is for validation purposes and should be left unchanged.