EmployeesFeaturedInformation security

Asante News, HealthStream caught in phishing exercises

As part of its routine security checks, Asante ITS sent out a “fake” Asante News and a HealthStream education assignment. Here’s how to spot the imposters.


On June 9, employees received one of two emails that appeared to be from trusted sources — Asante News and HealthStream — only to learn that when they followed the emails’ instructions they were phished.

The exercise was part of a routine security check performed by Asante ITS. More than 7,800 employees received the phishing emails. More than 1,250 opened the email and 883 clicked on the links. Significantly, 650 employees entered their credentials. In a real phishing attack, this would have left the door wide open to malicious actors.

Alert users may have noticed the clues:

  1. The “from” field used a made-up email address. No internal newsletters are sent from “corp-internal.com.” Instead, the sender’s field will include the asante.org domain.
  2. The email contained a yellow highlighted warning indicating it came from outside our system. Our employee newsletter does not have a warning.
  3. It features an old banner.
  4. The newsletter is dated 2020.

1. The sender is wrong. The real email address is hs*******@he**********.com.

2. The email contains links. HealthStream education alerts will never include links, but instead will direct you to log in through ALEC.

3. The copyright is from 2019.

Tags: Asante News, exercise, HealthStream, ITS, Phishing, security, sting
Ashland’s cafeteria gets a makeover
Blood donations needed as supplies shrink

If you have a question, please contact the author or relevant department directly.

1 Comment. Leave new

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed


Popular related content