Phishing is an attempt to obtain information such as usernames, passwords, credit card details (and sometimes money) by impersonating a trustworthy source (like your bank) in an e-mail or other electronic communication.
If a staff member falls for one of these scams it could put the security of your system at risk. You could face losses from credit card fraud or even fines for failing to protect patient data.
The following PC Magazine article discusses a system that trains employees how to recognize and deal with Phishing.
Malicious emails with booby-trapped attachments or links to suspicious websites flood user inboxes daily. While businesses are investing in spam filters and advanced scanning tools to prevent these messages from showing up in the inbox in the first place, it’s also important that regular users be alert and recognize the malicious few that still make it through. After all, just one user opening a loaded Word document can compromise the entire company.