Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Fake Hospital Inspectors Probed

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Fake Hospital Inspectors Probed
Date: Sat, 23 Apr 2005 07:14:51 -0500 (CDT) 
http://www.washingtonpost.com/wp-dyn/articles/A7680-2005Apr21.html

By David Brown
Washington Post Staff Writer
April 22, 2005

The FBI and other law enforcement agencies are looking into incidents
in which people masquerading as unannounced inspectors were found
poking around three hospitals in Boston, Detroit and Los Angeles.

In each case the impostors were stopped by security guards or hospital
staff, and then either left or were expelled. No one has been
arrested, and neither the identity of the intruders nor their motives
are known.

"There is no working hypothesis. It could be any number of things,
from identity theft to something more nefarious," an FBI spokesman,
who declined to be named, said yesterday.

The Department of Homeland Security is also "aware of these suspicious
reports," said Brian Roehrkasse, a department spokesman. He added the
agency does not have "any intelligence information that indicates al
Qaeda is planning an attack or targeting hospitals."

Virtually all U.S. hospitals are subject to unannounced inspections by
surveyors from the Joint Commission on Accreditation of Healthcare
Organizations (JCAHO). The surveyors can ask to see hospital records,
gain admittance to nonpublic areas, and watch people work. In all
three incidents, the impostors implied or stated outright they were
JCAHO surveyors.

In the past the organization has occasionally gotten reports of people
falsely claiming to be its inspectors. Usually, though, they were
seeking favored treatment, such as moving ahead of others in the
emergency room or getting copies of a patient's medical chart. That
was not the case in the recent incidents, which occurred from late
February through mid-March.

"We decided that this represented a pattern of behavior that we had
not seen before, and our anxiety level went up," said Joe Cappiello,
JCAHO's vice president for accreditation/field operations.

In the first, a well-dressed man and woman were stopped by a security
guard at a Los Angeles hospital about 2 a.m. They showed badges
similar to those issued by JCAHO and asked to be let in. When the
guard asked for more identification, they retreated, saying they were
at the wrong hospital.

The second incident occurred three days later at a hospital in Boston.  
A well-dressed man described as being 35 to 40 and of South Asian or
Middle Eastern descent was stopped about 3 a.m.

"He seemed to have some authority about him, and again when pressed
for identification that person fled the medical center," Cappiello
said.

About a week later, a woman was found in the maternity ward of a
Detroit hospital. She identified herself as a Joint Commission
surveyor but fled when staff members asked more questions.

A fourth incident, which occurred in daylight hours on March 27 at a
hospital in Sussex County, N.J., was deemed unrelated to the others.  
In that one, three men told a security guard they were doctors, and
asked for a hospital directory and information about bed capacity and
services. They did not mention JCAHO.

It is unclear whether any of the impostors in the three incidents
participated in more than one. An FBI spokesman said he was "not going
to get into any specifics."

Neither JCAHO nor the FBI would identify the hospitals, and officials
at the hospital associations in California, Massachusetts and Michigan
said they did not know.

The Joint Commission sent two security alerts to the 5,000 medical
institutions it accredits, describing the incidents and warning the
hospitals to be on the lookout for suspicious activities.

"It might all be coincidence," Cappiello said. Although hospitals have
been named as possible terrorist targets, he noted they also may be
attractive to people wanting to steal drugs, expensive equipment or
identity information.

JCAHO surveyors go to about 1,700 hospitals a year, with about 300 of
the visits unannounced. Only a few are done outside usual work hours,
and those are usually to investigate complaints made about specific
night-shift activities.

In response to the three incidents, the organization said that all
unannounced surveyors will now carry a letter signed by its executive
vice president.

Ron Czajkowski, vice president of the New Jersey Hospital Association,
said his organization used to post on its Web site the names of Joint
Commission surveyors working in the state. It stopped that practice
two weeks ago.



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Fake Hospital Inspectors Probed, InfoSec News <=
Previous by Date:  [ISN] In the security hot seat (was re: Symantec on crack), InfoSec News
Next by Date:  Re: [ISN] Wood River student expelled for hacking into computer, InfoSec News
Previous by Thread:  [ISN] In the security hot seat (was re: Symantec on crack), InfoSec News
Next by Thread:  [ISN] Secunia Weekly Summary - Issue: 2005-16, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]