Ask Slashdot: Dealing With Unwanted But Official Security Probes? 238
An anonymous reader writes "I manage a few computers for an independent private medical practice connected to a hospital network. Recently I discovered repeated attempts to access these computers. After adjusting the firewall to drop connections from the attacking computers, I reported the presumed hacker IP to hospital IT. I was told that the activity was conducted by the hospital corporation for security purposes. The activity continues. It has included attempted fuzzing of a web server, buffer overrun attacks, attempts to access a protected database, attempts to get the password file, etc. The doctors want to maintain a relationship with the hospital and are worried that involving law enforcement would destroy the relationship. What would you advise the doctors to do next?"
Re:Is this not your local net police? (Score:5, Funny)
Just make it look official and let everybody know you're using all the most modern coding tools. For example, your mythical patient could suffer from a burn due to water skis being on fire (ICD 10 code V91.07XA). Or he could have been attacked by a turtle (W5921XA).
Real codes, but it would be rather unlikely to find such traumatic incidents in actual medical practice.
Oh for some mod points ... (Score:2, Funny)
This!
I checked the codes and they actually do mean that.
Elegant, classic, subtle, in-your-face.
+10!