Physical Assessments Against Hospitals


Recently, I performed a physical assessment against a large hospital. Several gaps were discovered, but I will not cover those in this post. With the high level of traffic in an environment like a hospital with many employee types, patients, vendors, volunteers, etc., it’s common for many people to be in and out of sensitive and non-sensitive areas. If you find yourself performing one of these assessments (legally, of course), I have provided a quick guise that you can use in case you are approached and challenged as to why you are there.

Something that’s very important within the world of hospitals is patient satisfaction. So, what better thing to do than to use a guise that fits this! The thing I like most about this is that it’s quick, and doesn’t contain risks associated with wearing the correct color of scrubs. If challenged, simply state that you’re there to perform “patient satisfaction surveys”. If your challenger keeps pressing, you can simply state that you’re a “volunteer”, and don’t know the answers.

To keep the guise more believable, it makes sense to actually have surveys available. So, after some digging, I’ve saved you the trouble of doing the same and have provided you direct downloads of surveys that I’ve used in the past.

Print out a few copies, put them on a clipboard, and there you go!


One way I took this further is by hiding my Proxmark3 badge cloner inside of the clipboard. I put a few extra copies inside of the clipboard to cover up the cloner, in case I needed to open it around people for any reason.


Most hospitals that I’ve been in utilize low-frequency proximity cards, so it should save you some time to go ahead and flash your Proxmark3 to be on low-frequency (LF) mode, instead of the default high-frequency (HF) mode. Here’s a post we wrote regarding flashing your Proxmark3.


— Brent White
