Biomedical Engineering Reference
computer systems and sensitive information. This is due to the widely accepted
fact that people are the weakest link in a security framework, and the easiest to penetrate.
Teleradiology applications and universal availability of patient records using
web-based technology are rapidly gaining importance. Consequently, digital
medical image security has become an important issue when images and their
pertinent patient information are transmitted across public networks, such as the
Internet. Health mandates such as the Health Insurance Portability and
Accountability Act require healthcare providers to adhere to security measures in order to
protect sensitive patient information.
Social engineering is a collection of techniques used to manipulate people in
such a way that they unintentionally or unknowingly leak confidential information
or take actions that open a path to unauthorized access for hackers. It
is similar to a confidence trick or a simple fraud; the term typically applies to
trickery for information gathering or computer system access. In most cases,
the attacker never comes face-to-face with the victims, and the latter seldom realize
that they have been manipulated.
A determined penetration tester or attacker rarely fails to trick his targets into
releasing sensitive information. The usefulness of the information and the
difficulty of obtaining it depend on the individual security controls. If you are not
incorporating social engineering into your assessment arsenal, you are ignoring a
threat vector that may dramatically affect your risk exposure.
Categories of Attacks
A variety of attacks are evolving as users become smarter. These attacks
may be technical or non-technical in nature.
Phishing
A user may receive an email appearing to have come from a legitimate business,
a bank, or a credit card company requesting "verification" of information and
warning of some dire consequences if it is not done. The letter usually contains a
link to a fake Web page that looks authentic, with company logos and content, and
has a form that may request usernames, passwords, card numbers or PIN details.
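The indicators in the description above (a verification request, a threatened consequence, a request for credentials, and a link that leads somewhere other than the claimed sender) can be checked mechanically. The following is an added example, not part of the original text; the word lists, the sample messages and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Word lists are illustrative assumptions, not a complete rule set.
RULES = (
    ("asks for verification", re.compile(r"\b(verify|verification|confirm|update)\b", re.I)),
    ("threatens consequences", re.compile(r"\b(suspend\w*|clos\w*|lock\w*|terminat\w*)\b", re.I)),
    ("asks for credentials", re.compile(r"\b(user ?name|password|card number|pin)\b", re.I)),
)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

# Constructed sample messages using reserved .test/.example domains.
PHISH = """\
From: Example Bank <service@examplebank.test>
Subject: Account verification required
Content-Type: text/html

<p>Please verify your account or it will be suspended within 24 hours.</p>
<p><a href="http://examplebank.test.login-check.example/verify">Enter your username, password and PIN</a></p>
"""
BENIGN = """\
From: Example Bank <news@examplebank.test>
Subject: Branch opening hours
Content-Type: text/html

<p>New opening hours: <a href="https://www.examplebank.test/hours">see the schedule</a></p>
"""

def registrable(host):
    """Last two DNS labels as a crude comparison key (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return which of the indicators described in the text this message shows."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Collect every text part so multipart messages are covered too.
    body = "\n".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    found = [label for label, rx in RULES if rx.search(body)]
    for url in HREF.findall(body):
        host = urlparse(url).hostname or ""
        # A link whose site differs from the claimed sender matches the "fake Web page" pattern.
        if host and registrable(host) != registrable(sender):
            found.append(f"link host {host} does not match sender domain {sender}")
    return found
```

A message that shows several indicators at once, as the first sample does, deserves closer inspection than one that trips a single word match.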
Spam Mails
Some e-mails offer friendship, entertainment, gifts, and various free pictures
and information in order to take advantage of the anonymity and friendship of the Internet
or to plant malicious code. The user opens e-mails and attachments through which