Why Passwords Are NEVER Enough!

I had the unfortunate experience of checking into a hospital for surgery recently. This is a transcript of a real conversation at the hospital (I have to say here it was NOT an NHS hospital).

Picture this – I am standing at the reception desk completing my paperwork and there are two receptionists – Jane and Jill (names have been changed to protect the guilty) behind the desk. Several other people are seated within earshot of this conversation.

Jane to Jill ‘what is the password for this patient system? I need to change something’

Jill responds ‘it’s fmsystemsa’.

Jane ‘it doesn’t work, I can’t get in’

Jill ‘try a capital F in fmsystema’

Jane ‘no, still doesn’t work!’

Jill ‘oh hang on I think it’s a different password, I have it written down’

Jill produces a little book from her desk and says ‘try Patient2012 with a capital P’

Jane ‘Thanks, it worked!’

Now, I don’t know about you but it made me feel very uneasy about the way this particular hospital is protecting patient information and that their staff have not been trained in the very basics of data security. I wonder how many of these conversations go on every day in environments that have custodial data which must be protected?

One Response to “Why Passwords Are NEVER Enough!”

  1. I can agree with your point here, but I must say that in a real-world attempt to gain patient records digitally, it’s about a 50–50 chance that the system that you overheard the password to would be accessible from anywhere other than within the hospital building. What I would be more concerned with would be the paper records and information that is floating around in those offices. Hopefully they have a document destruction procedure.
