Hackers are becoming increasingly proficient in detecting and exploiting security vulnerabilities in healthcare IT security. In response, many healthcare organizations are preemptively working to identify and eliminate security vulnerabilities in operating systems, applications and configurations. But in this quest for robust security controls, end-user practices can sometimes be overlooked. Employee carelessness, forgetfulness and lack of knowledge can create a huge gap in an otherwise secure setting. This gap can make an organization highly susceptible to cyber-attack, security breach, and ransomware. It can also put an organization at risk for costly HIPAA violations that could generate negative publicity and reputational damage.