"In December, people would receive an e-mail with a Christmas tree that you could click on to decorate. It looked innocent enough, but it wound up installing a keystroke logger on people's computers."
That's bad enough, but when the keystroke logger is on a PC in a pharmacy that is already struggling to keep up with Health Insurance Portability and Accountability Act (HIPAA) privacy mandates, the potential for legal exposure skyrockets. "A keystroke logger is a clear HIPAA violation," Fischer says. "
These folks have locked their systems down--- the only hole? The pharmacies, of course, because they require more internet access for obvious reasons. The solution for that final bit of open vulnerablity? Training, of course.
It can be done!