This week’s Data Security Podcast had two items that really piqued my interest. The first was an article about an Ohio hospital which suffered data loss due to a malware infection. The malware was sent by the boyfriend of a hospital worker. Apparently he intended to follow his girlfriend’s movements on the Internet on her home PC. What he did not count on was her opening her email at work, and subsequently infecting a hospital computer. Quoting the PC World article,
“Between March 19 and March 28 the spyware sent more than 1,000 screen captures … via e-mail. They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well…”
This incident goes a long way toward showing that the biggest threat can often come from inside. Yes, the boyfriend was the root cause, but had the hospital employee not been allowed to access her personal email from work, her system would not have been infected in the first place.
In a separate news article, Panda Security reports that a hacker site is offering to crack Facebook accounts for the low, low price of $100. Setting aside the question of whether the site is a “legitimate” hacking site (who’s to say they won’t just take your $100 and walk away?), I found it interesting that a Facebook account is now worth 3 times the street price of a Social Security or bank account number, which my sources say are going for $20-35 apiece.