Having played a role that swung from dutiful wife throughout her husband’s trial to an enraged daughter who’d lost the beloved terminally ill mother she’d spent months tending, Ellen Graham was in desperate need of a holiday.

The past few months and her need to keep her wits about her during the twin ordeals of a trial and a funeral had not been easy, she concluded as she pulled an old, battered laptop out from its hidden recess under the sofa, the same laptop she’d used to search for and hire someone to hack into the system at Kirkland Hospital. The hacker had helped her bring to an end both her mother’s suffering and the alarming drain those hospital stays had been putting on the inheritance to which Ellen felt she was entitled. As to setting up a scheme that would allow her to dispose of an annoying husband without the need to endure a messy and contentious divorce, well, that had been a chore she’d managed to take care of all on her own. The idea of using an old GSM dongle Richard had left carelessly lying about, a device she’d taken great care to ensure had his fingerprints on instead of running the risk of purchasing one on her own, had been an absolute stroke of genius.

Having accomplished all she’d set out to do and paid off a man who had helped her solve two insufferable problems in a single stroke, the time had come to book that well-earned holiday she had so been looking forward to. The Greek islands would be nice, she thought to herself as a little smile lit up her face.

This was an easy one. Like so many other aspects of life in the twenty-first century, computers have become an integral part of the medical systems in developed nations. My own medical records, which includes the medications I take and their prescribed dosages, are part of the Veterans Administration database. This allows anyone with access to that database to pull them up, review them, and — if I’m being treated at any one of the 153 VA hospitals, 773 outpatient centers, or 260 vet centers across the United States — refer to them. It is a useful tool, a tool that can be abused for any number of reasons.

During an interview with Dick Cheney on CBS’s 60 Minutes in October 2013, the former vice president candidly admitted one of his greatest fears was that assassins would remotely access the electronic device used to compensate for irregular heart rhythms and assassinate him by altering them. While we did not use this technique to do in dear old Granny, the method of attack we did settle on is just as viable if the hospital and the caregivers responsible for treating patients leave themselves open to manipulation or attack.

As systems become more complex with an ever-increasing number of people having access to a growing number of wired-in electronic devices, the vulnerability of either part of the system or the system as a whole increases. In 2011, there were 5,724 registered hospitals and 4,973 community hospitals in the United States. The next time you visit a hospital, either to visit someone or out of necessity, take a moment to look around and count the number of computers and electronic tablets that are being used by the staff, both medical and administrative. Then, if you have overly active and slightly twisted minds like ours, think of the many ways they can be accessed, manipulated, and altered. Scary, isn’t it?

HAROLD COYLE

We started with the idea that a Sherlock Holmes — type “locked room” mystery could equally apply to a computer system, and the fictional system for Kirkland Hospital could quite easily have been accredited to an international security standard like ISO 27001:2013.

First of all, it’s air gapped — that is, there is absolutely no connection between the hospital’s medical systems and the Internet. The key services are all run on multiple, separate virtual servers, and everything is backed up daily whilst the key systems are all clustered to ensure that even if a server does go down, a replacement kicks in immediately. Patching and upgrades to the operational systems takes place regularly every three months following exhaustive testing in a test environment. All user workstations are locked down so that no one can plug in a USB device, and there are no CD/DVD drives, except under the control of IT. The medical staff all use hospital-provided iPads that connect to a strongly encrypted wireless network. The wireless network itself is kept at deliberately low power so that it can’t be accessed from outside the hospital buildings, let alone the private grounds. Finally, the SharePoint server, containing the file with all the prescriptions, has full audit logging enabled so that any changes to either the server or any of the files on it are captured in a separate secure log within a separate server. On the night in question, there were no unusual entries in the audit log.

So how did our hacker break in and commit murder? As described, the initial attack vector was through one of the hospital’s multifunction printers. Once Ellen Graham had plugged the GSM dongle into the USB port, she let our digital assassin know it was in place. From there, the digital assassin dialed in and compromised the printer (because its firmware hadn’t been upgraded like the rest of the hospital’s IT) and was able to use the wired local area network to find and compromise the main Active Directory (AD) server (because of the three-month delay in the patch cycle). The AD server is pretty much the heart of the network; once you’ve rooted that, you’ve got everything. He then set up a new virtual server (easy enough), recovered the most recent backup of the SharePoint server, and installed it under the name TEST whilst, of course, deliberately messing up all the dosages. Finally, he temporarily swapped the address of the real SharePoint server with the doctored TEST server on the AD server, and Bob’s your uncle. When Anna the nurse logged on, it was recorded on the AD server, which then directed her to the newly renamed TEST server. The wrong dosages were given, and nothing appeared out of place on the real SharePoint Server’s logs.

Thankfully, in real life, nurses and doctors are trained to check and double-check dosages by hand and confirm each other’s work.

Finally, a quick note about the techniques Tommy used when he got to the hospital. Everything he saw I too have seen for real during security audits on equally secure systems. If a human being invents a secure process, it’s as sure as day follows night that someone else will find a way to avoid it and will then tell all his or her friends and colleagues.

And yes, I really hate Post-it notes!

JENNIFER ELLIS

Like a medieval king perched high above a castle’s keep, Angelo Rossi kept a close eye on all that occurred within the garage of the Manhattan-based livery service. From his glass-enclosed booth set on a raised platform, he liked to think he saw everything, from who came in and out of the shop area or hung out on the street when the bay doors were open to who was slacking off. At the moment, he was watching Joseph Torres, the company’s chief mechanic, chatting with a man Rossi didn’t recognize. After tossing his cigarette out into the street, Torres shook hands with the stranger before making his way back into the shop.

Having learned the hard way it was best to trust his gut instincts when they told him something was going down, especially when a person with Torres’s record was involved, Rossi opened the sliding-glass divider and called him over.