I’m on the medical staff of several hospital systems, and my family and I also have been patients, and my experience has been that hospitals are terrible about stuff like this. Some experts advise never to open email attachments. Well, that is about the only way that hospital communicate with the staff - email attachments.
3 Likes
Yeah, it’s kind of ridiculous.
A friend of mine works in banking. They have a procedure to report phishing emails, and sometimes send phishing emails to test their employees.
She failed one of the tests because she was swamped with work, and the email was such obvious garbage that she deleted it rather than doing their procedure. 
That’s poor Info Sec management then. So long as she didn’t click on the link, there should be no action taken.
It’d be better if it was reported, but deletion isn’t a fail.
Given your flag and your field/sector, I wonder if we know one another 
My bank does this and it drives me nuts. They’re really good about never sending links in email, and even go so far as to explain that they don’t send links of any kind.
Lately, though, they have been calling me about my credit card use (I’ve moved (kind of) from one side of the country to the other, so my spending looks odd to them?) and leaving me voicemail messages asking me to call them back at a number in the message. They always turn out to be legitimate, but there is no way that I’m going to call a number like that, and asking people to do it sets up a terrible anti-pattern for people who don’t have my level of paranoia 
Two things converge: portals and software-as-a-service. The result is way too many URLs flying around and an incredibly shitty user experience.