Attackers are drawn to healthcare organizations because of the massive amounts of patient data that resides within their networks. The majority of these attacks are email-based and utilize credential phishing. To effectively prevent credential phishing and abuse requires a combined approach.