While email spear fishing is a reasonable infection vector for US Healthcare organizations, all of the ones that I visit locally still provide plain HTTP access within the building for users on their Wi-Fi network so a quick visit with an evil twin stands a good chance of granting access while you sit in the waiting room. If that doesn't work then just access them through the USB port on the PC in the exam room while you sit in your underwear waiting for the doctor to arrive.
Hospital info thief malware puts itself into a coma to avoid IT bods
A Trojan targeting US healthcare organizations attempts to avoid detection by going to sleep for prolonged periods after initial infection, security researchers warn. Symantec estimates that thousands of organizations have been hit by the Gatak Trojan since 2012. The malware is programmed to spread aggressively across an …
COMMENTS
-
-
Tuesday 22nd November 2016 21:28 GMT elDog
This scheme works in almost any venue - coffee house, bank
While a lot of POS (point-of-sale, not only P.O.S.) are properly protected against penetration by perpetrators (oooh, i got carried away again by the Power-of-P); many open ethernet and USB ports are awaiting purposeful placement of prongles.
The vectors are voluminous and the victims are vulnerable, very very vulnerable. As our new Vulture in Thief will likely vituperate!
-
-
-