Sure did! I think you're vastly overestimating the security of... basically everything computer related in the 2010 and earlier era.
I did not poke around obviously, because I was only interested in my personal files and assumed I only had a few minutes. Could I have been 'evil' and accessed other stuff maliciously? Maybe idk.
Years before I also had root access to my entire school district's records and probably could have wiped them if I really wanted to. I'm not a hacker or programmer by any means, just a random idiot that figured out how to use ophcrack back when XP was the primary operating system. It was a different time.
I'm mostly just surprised that the doctor didn't lock the workstation when they left the room. Especially if it was a radiology workstation (rather than e.g. exam room EMR workstations); the sensitive data risk from leaving it unlocked is huge!
Like, I'm not saying that'd solve computer security or anything, someone could still break into a locked computer. But it would definitely raise the level of effort required to access medical data up from "has a flash drive and five minutes".
I'm sure doctors get the same lock-your-workstation trainings as the rest of us, and ignore them about as often. I wonder if smartcards would be appropriate here: since doctors are typically jumping between lots of "thin-client equivalent" computers around their practice all day, could we give them smartcards that need to be physically inserted in computers in order to log in? Pull the card, computer logs you out; don't forget your card in the exam room or you can't log into the next one.
Like, I'm sure they'd have tantrums (any kind of users would, at this transition), but putting that aside: this kind of system is technically cheap and has been well-supported for decades. Would the overhead of employing it at medical practices be preventative? Is it already employed at some practices? How does it work there?
> I think you're vastly overestimating the security of... basically everything computer related in the 2010 and earlier era.
My astonishment is unrelated to IT security. Your behavior is equivalent to just sneaking into the unlocked office of your doctor and taking photos of your file.
Well, what's the alternative? Get in a week-long battle with the hospital while they struggle to locate and send a 500kb jpg? I AM talking about the American healthcare system here.
Yeah, I'll just grab it myself. It was a standing workstation right in front of the exam table and he didn't even close the browser. Would have taken 3 seconds to lock and unlock if they cared about security.
Makes you wonder if they could have accessed and saved data from other patients as well.
"I topped up my bank account within 30 seconds after the bank clerk left the counter."
My experience as well: in a hospital, a doc left me with a fully logged-in console, to feed my kid in his office (which is incredibly kind of course). I for one got that "walk afk = alt-f4" rammed into me at my workplace at that time. Makes me think that there might be a face-id-like unlock (and immediately lock) market out there for PCs...
I expanded on this in an adjacent comment: smartcards might be a cheap and easy solve here. Insert the card to log in, pull the card and you get logged out. Bonus points if the smartcard is also your access card for e.g. the break room.