Re: Targeting Hospitals?
If the vector is email, then it's very believable that an attacker would target domain names of companies (in this case, hospitals) that a) have lots to lose, and b) have access to big-figures money.
USA medical institutions = $$$. Random individuals, much less so.
Plus, they're far less likely to be blocked by spam filters if they minimise the amount of spam they send out. You can't do that effectively if your attack isn't targeted.
