In recent months, hospital ATMs have proven to be the target of choice for hackers, and with good reason. It’s easy to gain entry into the public areas of a hospital where ATMs are found, and the staff is generally so harried just dealing with the patient population that no one is paying much attention to the ATMs or their security.
In the past, banks managed and maintained their own ATMs, but this function was outsourced to third parties years ago.
Back when the banks did it, they scrupulously inspected each machine in their fleet on a regular basis (often, but not always, daily). The third party vendors don’t do this, which leaves ATMs in out of the way, but easily accessible locations vulnerable to skimming.
All a hacker has to do is wear a uniform convincing enough that he can pass himself off as a repairman to gain access to the machine. In a matter of minutes, he can install skimming software which copies debit card data from the magnetic stripes of card holders.
This information is sent back to the hacker wirelessly. It can then be used to replicate cards of anyone who used that particular machine. Then, the hacker simply takes the card, walks up to any ATM, and makes a cash withdrawal.
Skimming has been a problem for years, but in the past several months, the number of such incidents has seen a sudden and suspicious spike. Given the current state of affairs, which includes third party maintenance and does not include daily inspections, and has hundreds of millions of easy to swipe magnetic stripe cards in circulation, this problem is going to get a lot worse before it starts getting better.