Passwords kill

Do you want my Password or a dead Patient?

During an on-site visit a colleague sent us the image below and this paper [1]; the paper is old but the days of authentication credentials being attached to medical devices is not dead. Probably never will be.

Cyber security efforts across many settings still confront workarounds and evasions by clinicians and employees.  They are not black-hat hackers or terrorists, but rather colleagues who are just trying to do their work in the face of often onerous and irrational computer security rules.

Healthcare is not alone. For many organisations, workarounds to cyber security are the norm, rather than the exception. They not only go unpunished, they can go unnoticed in most settings; most concerning of all, workarounds are often actually taught as correct practice, especially within isolated teams. [2]

Change is hard. Technology is relatively easy. People find attachment comforting so when you interrupt workflow you’ll be fighting business as usual and everyone’s relationship with it; your list of allies will quickly become very thin when you become the enemy for ‘getting things done’.

Security controls must obviously be addressed in concert with sociological, psychological and workflow issues.

The hard truth is our colleagues care more about their job than data security.

It’s our job to help them learn to love their data too!


[1] J Blythe. R. Koppel, S.W. Smith. “Circumvention of Security: Good Users Do Bad Things” IEEE Security and Privacy. Sept/Oct, 2013. pp.80-83

[2] S. Sinclair and S.W. Smith, “What’s Wrong with Access Control in the Real World,” IEEE Security & Privacy, vol. 8, no. 4, 2010, pp. 74–77.

Facebook
Twitter
LinkedIn
Email

Want to know more?

Call Us

01904 500255

Message Us