Misdirected spyware infects hospital, man charged

It began as a private act of mischief, to spy on an ex-girlfriend, but now 38-year-old Scott Graham of Avon Lake, Ohio, is set to plead guilty to federal charges. The original idea was simple enough: Buy commercial spyware and send it to his target's Yahoo e-mail address in the hope that she will launch it.

Unfortunately for Graham, the target of his attention chose to open the spyware on a computer located in the pediatric cardiac surgery department at Akron Children's Hospital. The spyware worked as advertised, and a result sent out more than 1,000 screen captures to his e-mail address in the span of just 10 days.

Among the information leaked to Graham as a result were confidential records on 62 hospital patients. For that, Graham will pay $33,000 in damages to the hospital and could face up to five years in prison.

Of course, as to why a computer at such a sensitive location should even be configured to browse the Internet remains to be seen. But as Eric Howes, director of research services with antivirus company Sunbelt Software noted, what happened at the hospital wasn't "that different from 99 percent of companies out there." What kind of protection does your organization use to protect itself from malware?

For more on this story:
- check out this article at CIO

Related Articles:
Heartland plans aggressive encryption system
Automated oil rigs vulnerable to hacking
Five ways to get serious about security
New attack opens the door to one minute WPA crack