Hacking company performs security breach at local hospital
SOMERSET - Todd Knisely was arrested after police say he impersonated a doctor at Somerset Community Hospital in July, but Knisely said there is more to the story.
Knisely was a patient at the hospital over a year ago when he wondered how secure the hospital was, both physically and digitally.
He runs an online conglomerate of computer hackers from all over the world called Shadows. He said they perform experiments to exploit lack of security and inspire people to take measures to protect their digital privacy.
"We go in and test security, and basically see how far we can get before being stopped," Knisely said.
At Somerset Hospital, he said he simply walked in the door, walked up to an open closet and put on a white coat. Looking the part, he said he was able to do whatever he wanted for 45 minutes until police said a nursing supervisor asked if he was a doctor.
Police said the hospital has no security on duty.
He said by just passing through, he had full access to the hospital computers and records. He claimed he did not do anything with the information, but only wanted to prove the point that somebody could, which is what shadows is all about, according to Knisely.
"If I were a bad hacker, and I'm not I'm a white hat, but if I were a bad hacker, I could go into the computer rooms, and now that makes everybody in this town susceptible to data breeches, and that's very private information," Knisely said.
He said that easy access to medical records and other information gives someone all they need to steal an identity, including insurance information, drivers licenses, Social Security numbers and much more.
According to the criminal complaint, the hospital plans to prosecute to the fullest extent possible.
The hospital declined to comment.