Oregon Health & Science University officials apologised to staff after a bogus phishing test sparked concerns about instilling false hope.
On April 12, the institution issued a phishing test email to staff offering financial help of up to $7,500. However, the offer was not genuine; it was a test designed to assess employees’ cybersecurity knowledge as well as OHSU’s own IT infrastructure.
The test was delivered several days after the institution warned staff about fraudulent email messages. Some employees expressed annoyance with the phishing test. OHSU apologised in a written statement, stating that the institution did not properly evaluate the potential harm caused by the phishing test.