Computer security in the NHS
Moderators: nickj, Lady of Mystery, Mandrake, bananafish, support
20 posts
• Page 2 of 2 • 1, 2
by DenmarkKilo » Dec 24th, '08, 16:36
I'm sure I remember an episode of something that Kevin Rose (Digg.com founder) and someone else did where he managed to order a free pizza over the phone by turning up and listening in for some specifics of someone else's order, then going home and complaining as them, throwing in bits from the earlier observance. Can't remember the name of where he did this though...
Watching: Jeeves and Wooster
-
DenmarkKilo - Senior Member
- Posts: 535
- Joined: Sep 9th, '08, 23:29
- Location: South Wales, UK (33:AH)
by Farlsborough » Dec 25th, '08, 01:59
This is my opinion regarding security of personal details etc: there will always be bad people out there who know how to steal from you. And society is still largely working on the principle that the majority are reasonably decent, who will not take every penny you have just because they can.
If someone wants to blow up the plane you're on, they will. If someone wants to help themselves to your personal belongings, they will, even if it involves the simple step of holding a knife to your throat in the street, or watching your house until you leave - sorry.
I understand your frustration Kolm, but in the greater scheme of things: you don't have financial details stored by the NHS. The most anyone is going to be able to find is your name and address (hardly a state secret I expect), and the fact that you have asthma or something. Technically, there is some potentially sensitive information about you: your HIV status perhaps - but it's not the sort of info easily abused by someone else.
As a medical student who needs access to medical records to learn, I can attest to the fact that it is royal pain in the @rse to have to track down a fully qualified, checked out member of staff to borrow a card from to access computer details - but that's what it takes. And yet a fully qualified, "checked out" doctor was recently caught in his attempt to blow up hundreds of people just like those he's supposed to care for on a daily basis.
As I said - if they want to, they will...
If someone wants to blow up the plane you're on, they will. If someone wants to help themselves to your personal belongings, they will, even if it involves the simple step of holding a knife to your throat in the street, or watching your house until you leave - sorry.
I understand your frustration Kolm, but in the greater scheme of things: you don't have financial details stored by the NHS. The most anyone is going to be able to find is your name and address (hardly a state secret I expect), and the fact that you have asthma or something. Technically, there is some potentially sensitive information about you: your HIV status perhaps - but it's not the sort of info easily abused by someone else.
As a medical student who needs access to medical records to learn, I can attest to the fact that it is royal pain in the @rse to have to track down a fully qualified, checked out member of staff to borrow a card from to access computer details - but that's what it takes. And yet a fully qualified, "checked out" doctor was recently caught in his attempt to blow up hundreds of people just like those he's supposed to care for on a daily basis.
As I said - if they want to, they will...
- Farlsborough
by dat8962 » Dec 25th, '08, 02:27
Where there is a will - there is more often a way and I agree with you Farlsborough in general.
When assesing security risks you have to look at things in perspective which unfortunately many people don't. Better safe than sorry doesn't necessarily mean that you're secure. It just means that you've done a little more than the next person and sometimes, that in itself can be enough.
Criminals are generally clever people with technical ability. If you underestimate how clever a criminal is then you are likely to become a victim.
Data security in hospitals and access to records is of course only one element of security to consider. You have the safety of staff working nights in A&E - a big concern and of course the potential for strangers to wander onto childrens wards, the security of drugs and the list goes on.
Part of the problem with security can be that once people breach rules that they consider to be a pain and get away with it, then pretty soon they will generally start to breach other procedures that could and sometimes have more importance.
Often, the issue revolves around poor communication because no-one knows the relevance or significance of the procedures that are in place, because they haven't been told. If people were more informed, by being told more about the risks and consequences of their actions then they would be more likely to adhere to the procedures that are in place.
Communication is one of the biggest aspects of security that is overlooked, irrespective of whether it's physical security or data security.
A lot of security protocols are also disjointed. Many organisations look at and manage their data protection and physical security measures and separately, with different people responsibile for each and who rarely speak to each other.
I'm rarely surprised these days at how poor security can be.
When assesing security risks you have to look at things in perspective which unfortunately many people don't. Better safe than sorry doesn't necessarily mean that you're secure. It just means that you've done a little more than the next person and sometimes, that in itself can be enough.
Criminals are generally clever people with technical ability. If you underestimate how clever a criminal is then you are likely to become a victim.
Data security in hospitals and access to records is of course only one element of security to consider. You have the safety of staff working nights in A&E - a big concern and of course the potential for strangers to wander onto childrens wards, the security of drugs and the list goes on.
Part of the problem with security can be that once people breach rules that they consider to be a pain and get away with it, then pretty soon they will generally start to breach other procedures that could and sometimes have more importance.
Often, the issue revolves around poor communication because no-one knows the relevance or significance of the procedures that are in place, because they haven't been told. If people were more informed, by being told more about the risks and consequences of their actions then they would be more likely to adhere to the procedures that are in place.
Communication is one of the biggest aspects of security that is overlooked, irrespective of whether it's physical security or data security.
A lot of security protocols are also disjointed. Many organisations look at and manage their data protection and physical security measures and separately, with different people responsibile for each and who rarely speak to each other.
I'm rarely surprised these days at how poor security can be.
Member of the Magic Circle & The 2009 British Isles Close-Up Magician of the Year
It's not really an optical illusion - it just looks like one!
It's not really an optical illusion - it just looks like one!
-
dat8962 - Veteran Member
- Posts: 9265
- Joined: Jan 29th, '04, 19:19
- Location: Leamington Spa (50:Semi-Pro)
by lozey » Dec 26th, '08, 03:12
The managers at the company i work at (a worldwide chain) keep the password to their main server written in marker pan on the monitor!
As regard to security in hospitals, in the 2 hospitals i work in, the wards are kept locked outside of visiting hours and you have to have a swipe card to get in. I dont know if thats a general hospital rule though for all of them
As regard to security in hospitals, in the 2 hospitals i work in, the wards are kept locked outside of visiting hours and you have to have a swipe card to get in. I dont know if thats a general hospital rule though for all of them
(C, AH)
If you have a quality,let it define you no matter what it is-Doug Bradley
If you have a quality,let it define you no matter what it is-Doug Bradley
-
lozey - Advanced Member
- Posts: 1002
- Joined: Mar 9th, '06, 23:59
- Location: West Yorkshire (27,AH, C)
by kolm » Dec 28th, '08, 22:56
Farlsborough wrote:I understand your frustration Kolm, but in the greater scheme of things: you don't have financial details stored by the NHS. The most anyone is going to be able to find is your name and address (hardly a state secret I expect), and the fact that you have asthma or something. Technically, there is some potentially sensitive information about you: your HIV status perhaps - but it's not the sort of info easily abused by someone else.
Oh yeah, I know what you mean, and I do know it's not the end of the world. It's just I'm actually a big supporter of this system, and it's just frustrating to see someone who did have access treat it like some meaningless barrier especially when there's a large group of people who'd rather not have the system in place
As a medical student who needs access to medical records to learn, I can attest to the fact that it is royal pain in the @rse to have to track down a fully qualified, checked out member of staff to borrow a card from to access computer details - but that's what it takes
As someone who creates software, it's interesting to hear a take like that. I'm sure it won't be long before a medical student is told "Ah, I'll just leave it on my desk overnight for you...". It's a fine balance
"People who hail from Manchester cannot possibly be upper class and therefore should not use silly pretentious words"
-
kolm - Advanced Member
- Posts: 1974
- Joined: Apr 18th, '07, 22:58
20 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 2 guests
