The healthcare industry, in particular, is at risk of attack from ransomware-wielding hackers, according to a new report. The analysis of nearly 500 healthcare organizations revealed that cyber attacks and exploits in digital vulnerabilities could be potentially devastating. "The low social engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient," Alex Heid, chief research officer at SecurityScorecard, the study’s sponsor, said in a statement. "Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing, and other social engineering attacks." According to the report, one of the best solutions in dealing with these attacks is to implement regular information-security-awareness training programs for all enterprise employees with access to the internal network. The topics of social engineering and password reuse risks should be at the forefront of these sessions, according to Heid. "Information security technologies that attempt to thwart active attacks can only go so far, as a dedicated attacker with partial knowledge of an enterprise organizational structure can employ spear phishing methodologies to gain access to the internal network," he says.