This morning's many headlines include Microsoft’s disclosure of yet another massive security breach of government agencies brought about primarily through phishing techniques. In this model, of course, fake emails are typically sent to a company's employees who then, through error or inattention, provide login information to the hackers. Of all the ways hackers break into computer systems, phishing is one the most common and yet, in theory at least, the easiest to prevent. As with passwords given away on a phone call, or laptops left unsecured, phishing illustrates how so often a psychological phenomenon leads to a major cybersecurity failure. Understanding how to ensure cybersecurity compliance, therefore, is a subject of much research and debate. Given the prevalence of the problem, however, there remains much to be discovered and improved in this all too human aspect of information security.

An extensive new analysis from Yan Chen (FIU), Dennis Galletta (Pitt), Paul Benjamin Lowry (VaTech), Xin Luo (UNM), Gregory D. Moody (UNLV), and Robert L. Willison (Xi’an Jiaotong-Liverpool) brings a novel perspective to this issue by looking at information security through the lens of healthcare. Their shift in thinking is both instructive and illuminating.