As I sit in a hospital waiting room, and as I visit with the patient, I can’t help but wonder if the infosec here is any good.

I am not a malicious person at all, but I have been known to show people how vulnerable they really are. Of course, I typically follow this up with a lesson on how to be more secure.

The hospital is a well-known hospital, so part of me believes they’re probably prepared for what’s running through my mind, but there are so many computers all over the place. What I could do with a flash drive and 5 minutes.

Interestingly enough, I have seen some “bad” behaviors, such as nurses leaving themselves logged in to critical systems and walking away. This is clearly a HIPAA no-no. I also noticed nurses and doctors are not very careful when typing in login information. A little shoulder surfing and I don’t even need a flash drive.

Now, before you run screaming to the authorities, I did not actually do any of these things, but when I consider the educational opportunities at this hospital, and probably many others, it astounds me that either they have not been properly trained or they’re just lax in their attitude towards information security.

By the way, I’m currently typing this from my Android phone connected to the guest Wi-Fi at the hospital. Wonder how many doctors and nurses are doing the same... hmmm.

