Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Prank Exposes Hospital Medical Records

Posted by kdawson on from the epic-keylogger-fail dept.

cheerytt writes "Let this be a lesson to all the broken-hearted geeks out there. A 38-year-old Ohio man is set to plead guilty to federal charges after spyware he meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at a children's hospital. Spyware was sent to the woman's Yahoo e-mail address in the hope it would be used to monitor what his former girlfriend was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department. The spyware sent more than 1,000 screen captures via e-mail, including details of medical procedures, diagnostic notes and other confidential information relating to 62 patients. The man will pay $33,000 to the hospital for damages and faces a maximum sentence of five years in prison."

2 of 319 comments (clear)

  1. Couldn't happen here... by Nomaxxx · · Score: 5, Interesting

    In Belgium, many of the hospitals have most of their computers running Linux...

  2. Re:Who is really at fault? by malkavian · · Score: 5, Interesting

    Right. Ever worked in that environment? Nope? Thought not.. I have..
    You're faced with:

    Consultant (medical doctor) says "I need to access the net to be able to read research papers, proposals, and various ad hoc sites that contain research on the subjects that I deal with, along with external mail that I use because I move from hospital to hospital quite regularly.".
    IT says: "You can't access the net from that machine".
    Consultant goes to see hospital directors, stamps feet, and IT get overridden.

    Bear in mind there are several thousand PCs on a lot of hospital sites, with maybe 3 technicians to go fix and maybe one or 2 sysadmins. Hospital HR frequently sees IT as just waving a magic wand and things happen miraculously, so it's a "good way to save costs".
    If you tie machine names down that can't access the net, I can guarantee a consultant will find a way to get a machine in the area that does, even if it's moving someone else's there.
    As for breaking terms and conditions of use. Who do you think will win that pissing competition? Someone in the beleagured and under funded/under resourced IT department who is overlooked and overworked, or the consultant with the hand shakes and the ear of the board of directors?

    Coupled with the fact that not all antivirus and anti-malware will spot every variant. It'll get 90+ percent, but you always hear about the ones that get through.
    I'm surprised an executable got through the proxy filtering there, but hey.. Without knowing all the ins and outs of this in detail, I'm going to reserve judgement.

    The real world can be a messy morass of politics.. Working in a hospital, or academia, really has that in excess.. Try working in one if you think it's easy.. I'd be interested in hearing your opinion after doing it for a while..