How Hackers Gain Access to a Healthcare Facility or Hospital Network
This is where the hacker begins to exploit the hospital’s network. The hacker gains access to an active medical device on a hospital network in any one of dozens of ways. Having successfully carried out a spear-phishing campaign, the hacker knows who the network administrator is, who the technicians are, and has even obtained some email addresses for hospital staff from attendee lists at medical conferences posted to the Internet. Hospital directories are also a good source of information. When an unsuspecting hospital employee opens an email claiming to be from a bank, the IRS, hospital HR, or from a spoofed name of a friend, the malicious payload is delivered. Fully 78 percent of phishing emails will impersonate hospital IT department or anti-virus vendor.