Just filing this story away as an example of why policies and computer restrictions are in place. Local admin rights, checking personal email at work,* local malware prevention, etc.
He allegedly sent the spyware to the woman’s Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital’s pediatric cardiac surgery department, creating a regulatory nightmare for the hospital.
* This is getting stupidly hard, really. But everyone should still stop the big names, and then manual analysis of logs should pick up on regular use of smaller mail providers which can then be added to a blocklist. Sadly, this means staff-hours in a time when every company wants automated appliances to secure the world with little input.