Chapter 6. Unplanned Security

A mentor once told me that the use of security technology to achieve political objectives represents the worst of shotgun weddings. In my experience, not only is this true, but also the children are really ugly.

Rebecca Bace, Security Researcher and Strategist

Imagine for just a moment that it's 6:30 a.m. and you're a patient in a hospital waiting for surgery. It's a routine operation to remove your gall bladder (one of those throw-away parts), and no big deal. What you don't know, however, is that the hospital's computer network was recently redesigned. The support staff moved all of the critical applications from the mainframe to a distributed network environment (right-sizing it). In the rush to move from one platform to another, management never developed security policies and procedures for the new systems. So the hospital support staff never configured security. On the surface, the right-sized network is running smoothly. Underneath, however, anyone on the hospital network can steal, modify, or destroy patient information on the servers.

Yesterday, when you were admitted to the hospital, you had some pre-op testing done to make sure that you don't have an infection. They did blood work and a chest X-ray: the standard pre-op stuff. You wake up early the next day, 4:00 a.m., and your surgery isn't for several hours. You wake because you're a little nervous about getting that gall bladder removed. After considering the problems it was giving you, you decide you'll be better off without it. Feeling calm, you fall back to sleep and have a few pleasant dreams.

Six a.m. rolls around. The doctor calls down from the operating room. He tells the nurse that he wants the results of your pre-op tests sent with you to the operating room. Since the results haven't come back to the floor yet, the nurse logs into the computer to get your results. They're normal. Or, at least they are now.

What your nurse doesn't know is that a hacker broke into the server and changed your test results from abnormal to normal. Before the information was modified, the results of your lung X-ray review noted a questionable shadow: maybe just congestion, or maybe pneumonia. Results that would tell your doctor to postpone the surgery to avoid possible complications that could lead to respiratory failure.

Since your doctor doesn't get those results, he operates anyway. Your gall bladder takes the route your tonsils fell to many years ago. It appears to have been a successful operation. That is, until the anesthesiologist notifies your surgeon that he can't seem to get you off the respirator. He orders a repeat chest X-ray, which shows a dense pneumonia. He then requests your pre-op X-ray that shows a smaller shadow in the same area. He calls your surgeon wanting to know why he did an elective surgery on a patient with preexisting pneumonia. Your doctor can't be reached because he is busy filling out your death certificate. Guess what? Your lungs gave out. You're dead.

This is one case when the safety of the data means more than protecting information; it means protecting lives. Pretty scary when you consider just how much real hospitals rely on their computers. Just consider…



IT Security: Risking the Corporation
ISBN: 013101112X
EAN: 2147483647
Year: 2003
Pages: 73
