Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Royal Security Fail: 'May I Speak To Kate?'
Newest First  |  Oldest First  |  Threaded View
PJS880
PJS880,
User Rank: Ninja
12/17/2012 | 4:27:28 PM
re: Royal Security Fail: 'May I Speak To Kate?'
It was a very foolish prank but it did prove that the hospital; was not trained properly. That is not the nurse's fault she did not do anything wrong in my opinion. Social engineering attacks are just that they prey on human behaviors and that is all this was. It a an elaborate social engineering skit for entertainment purposes. Did the DJ know that what they were doing was 'hacking' probably not, and thought it was just that a prank call. Hopefully the hospital will use this information and properly train their staff so as this dopes not happen again.

Paul Sprague
InformationWeek Contributor
jaysimmons
jaysimmons,
User Rank: Apprentice
12/13/2012 | 7:19:54 PM
re: Royal Security Fail: 'May I Speak To Kate?'
I agree with Paul CerratoGs comment: You canGt blame others for having poorly trained staff or allowing such a low-level setup to work. At the end of the day, everyone that has access to patient information should be trained on how to handle such information.

Jay Simmons Information
Week Contributor
pcerrato10
pcerrato10,
User Rank: Apprentice
12/7/2012 | 6:36:34 PM
re: Royal Security Fail: 'May I Speak To Kate?'
"Our nurses are caring and professional, and not used to coping with this sort of journalistic trickery." What a poor excuse.

The author has a point. The hospital should be training staffers to spot tricksters like this.

Paul Cerrato
Editor
InformationWeek Healthcare


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2993
PUBLISHED: 2022-12-09
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
CVE-2022-4390
PUBLISHED: 2022-12-09
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do...
CVE-2022-45290
PUBLISHED: 2022-12-09
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.
CVE-2022-41299
PUBLISHED: 2022-12-09
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2022-4170
PUBLISHED: 2022-12-09
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.