I went to the doctor’s recently. I didn’t expect to come across a security issue during my consultation, but…
I entered the consulting room, sat down, and we started to chat and the phone went.
The Dr informed me:
“My colleague needs my assistance, I will be back in one minute.”
So there I was, all on my own in the consulting room, and I gazed at his PC.
- He was logged in
- No screen lock
- Various medical applications logged in
- His smart card still in the reader
So I had the perfect opportunity to:
- Browse any of his patients’ health records
- Modify, and digitally sign the records
- Delete stuff
A few days later, curious about the issue, I relayed the story to a trusted health professional. The reply was not quite what I expected:
“I suspect most people would act in the same way. If you take the smart card out, and have to log back in again, it takes too long.”
This once again shows the complexity of the People / Process / Technology triad. What seems at first sight to be a people failure turns out to be a technology failure causing an adverse people reaction.
What security failures have you seen recently, and what has been the cause? Please leave your comments below.