Ask Slashdot: Dealing With Unwanted But Official Security Probes?

An anonymous reader writes "I manage a few computers for an independent private medical practice connected to a hospital network. Recently I discovered repeated attempts to access these computers. After adjusting the firewall to drop connections from the attacking computers, I reported the presumed hacker IP to hospital IT. I was told that the activity was conducted by the hospital corporation for security purposes. The activity continues. It has included attempted fuzzing of a web server, buffer overrun attacks, attempts to access a protected database, attempts to get the password file, etc. The doctors want to maintain a relationship with the hospital and are worried that involving law enforcement would destroy the relationship. What would you advise the doctors to do next?"

Establish authorization first

Speak with someone at the managerial level and go find the agreement/piece of paper that states said hospital corporation has the right to perform security audits against your customers network. Until that does or does not materialize, take no action past what you're already doing in the name of good security

Have you tried all these?

You've told them that they don't have authorization to access your computers, and are (or would be) in violation of the law if they succeed?
You've asked for a meeting with their security people so that you can jointly plan to do whatever is needed?
You're reasonably comfortable that you indeed run a tight ship?
You've configured your firewall to drop their packets?

Re:Is this not your local net police?

[PolygamousRanchKid+]

My company's "good guys" run security tests once a week. They send me a report afterwards, listing any "findings". And, most importantly, I was informed by them beforehand, that they would be doing these tests.

If you weren't informed about it, how are you supposed to know that they are the good guys . . . ?