The world’s headlines often include accounts of hacking brought about through something known as “phishing.” In this technique, fake emails are typically sent to a company's employees who then, through error or inattention, provide login information to the hackers. Of all the ways hackers break into computer systems, phishing is one the most common and yet, in theory at least, the easiest to prevent. As with passwords given away on a phone call, or laptops left unsecured, phishing illustrates how so often a psychological phenomenon leads to a major cybersecurity failure. Understanding how to ensure cybersecurity compliance, therefore, is a subject of much research and debate. Given the prevalence of the problem, however, there remains much to be discovered and improved in this all too human aspect of information security.

An extensive analysis from Yan Chen (FIU), Dennis Galletta (Pitt), Paul Benjamin Lowry (VaTech), Xin Luo (UNM), Gregory D. Moody (UNLV), and Robert L. Willison (Xi’an Jiaotong-Liverpool) brings a novel perspective to this issue by looking at information security through the lens of healthcare. Their shift in thinking is both instructive and illuminating.