Cyber threats targeting individuals often take the form of social engineering, where attackers attempt to convince someone to engage in actions or reveal information that can put themselves and their organizations at risk. Social engineering is an attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks or taking an action (e.g., clicking a link, opening a document). Between 2019 and 2023 large breaches (i.e., breaches of unsecured protected health information (PHI) involving 500 or more individuals) reported to the HHS Office for Civil Rights (OCR) as a result of hacking or IT incidents increased 89%. Cybersecurity is often framed solely as a technology issue where protection can be provided by simply purchasing the newest security tool. But according to a recent report, 68% of breaches involved attacks on humans, not technology.