Abstract
This is where the hacker begins to exploit the hospital’s network. The hacker gains access to an active medical device on a hospital network in any one of dozens of ways. Having successfully carried out a spear-phishing campaign, the hacker knows who the network administrator is, who the technicians are, and has even obtained some email addresses for hospital staff from attendee lists at medical conferences posted to the Internet. Hospital directories are also a good source of information. When an unsuspecting hospital employee opens an email claiming to be from a bank, the IRS, hospital HR, or from a spoofed name of a friend, the malicious payload is delivered. Fully 78 percent of phishing emails will impersonate hospital IT department or anti-virus vendor.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Davey Winder. “Phish Your Own Staff: Arming Employees to Beat Modern Attacks,” Infosecurity, Nov. 28, 2014.
- 2.
- 3.
- 4.
A media access control address (MAC address), also called a physical address, of a computer is a unique identifier assigned to network interfaces for communications on the physical network segment.
- 5.
Kim Zetter, “It’s Insanely Easy to Hack Hospital Equipment,” Wired magazine, April 25, 2014.
- 6.
Connor Mannion, “Three U.S. Hospitals Hit in String of Ransomware Attacks,” NBC News, March 23, 2016.
- 7.
Connor Mannion, “Three U.S. Hospitals Hit in String of Ransomware Attacks,” NBC News, March 23, 2016.
- 8.
US-CERT Alert (TA16-091A) Ransomware and Recent Variants Original release date: March 31, 2016. Last revised: May 6, 2016.
- 9.
- 10.
Charlie Osborne, “Tick, tock: Jigsaw ransomware deletes your files as you wait,” ZDNet, April 22, 2016.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2016 Luis Ayala
About this chapter
Cite this chapter
Ayala, L. (2016). How Hackers Gain Access to a Healthcare Facility or Hospital Network. In: Cybersecurity for Hospitals and Healthcare Facilities. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2155-6_2
Download citation
DOI: https://doi.org/10.1007/978-1-4842-2155-6_2
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2154-9
Online ISBN: 978-1-4842-2155-6
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books