WebMD – Brian Selfridge knew his time was up.
From his perch in a locked conference room with the blinds half closed, he could see two members of the hospital IT team rounding the corner with what looked like a clear sense of purpose.
He suppressed a smile as he watched the pair running circles around each other.
One of them — brow furrowed, eyes buried in an open laptop — walked right past his room, saying, “He’s right here! He’s got to be!”
Selfridge knew he was minutes, if not seconds, from being found out. But that was fine. He and his team had hacked into the hospital computer system from a car in the parking lot several days ago.
They went in through a cardiac ECG system that was a few years old and so more vulnerable to hacking than newer devices. But there were 10 other ways into the system that would have been just as easy.
In fact, they didn’t even need to be on the premises to do a hack like this. A well-crafted “phishing” email is typically all you need to get the ball rolling.
An unsuspecting employee clicks on a link inside the email and — boom! — you’re in. You could send that from anywhere — say from an office in Moscow, or Tehran, or Pyongyang.
He was only onsite this time because he needed to get in as quickly as possible.
If he’d had the time, Selfridge would have stopped to shake his head. But with the IT team closing in, he bagged his laptop, slipped out a side door, and took off to find his partner, who was waiting for him in a nearby car.
All in all, it had been a successful week. He had been lurking inside the computer system for days, looking for weaknesses.
By the time the IT team had finally caught on, it didn’t matter … Click here to read more.