Misdirected spyware infects Ohio hospital

It was a bad idea from the start, but even as bad ideas go, this one went horribly wrong.

A 38-year-old Avon Lake, Ohio, man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at Akron Children's Hospital.

In late February 2008, Scott Graham shelled out US$115 for a spyware program called SpyAgent and sent it to the woman, according to a plea agreement filed in the U.S. District Court for the Northeastern District of Ohio.

He allegedly sent the spyware to the woman's Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department, creating a regulatory nightmare for the hospital.

The complaint does not explain how Graham managed to convince the woman to install the program, but clever attackers often trick their victims into clicking on files by saying that they are interesting videos or some kind of useful software.

Between March 19 and March 28 the spyware sent more than 1,000 screen captures to Graham via e-mail.

They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients.

Μπορείτε να βρείτε το άρθρο στη διεύθυνση http://www.cio.com.au/article/319073/misdirected_spyware_infects_ohio_hospital