Last year I wrote First They Came for Bandwidth, where I described a progression through three attack types:
The scariest part is the last attack can be the hardest to detect and recover.
I thought about this when I read this entry in the newest Risks Digest as Software glitch causes incorrect medication dosages:
Patients at VA health centers were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to the glitches that showed faulty displays of their electronic health records, according to internal documents obtained by The Associated Press under the Freedom of Information Act.
The VA's recent glitches involved medical data -- vital signs, lab results, active meds -- that sometimes popped up under another patient's name on the computer screen. Records also failed to clearly display a doctor's stop order for a treatment, leading to reported cases of unnecessary doses of intravenous drugs such as blood-thinning heparin.
According to interviews and the VA's internal memos, the glitches began after the VA distributed its annual software upgrade last August [2008].
By early October, hospitals began reporting the troubling problems: When doctors pulled up electronic records of different patients within 10 minutes of each other to offer treatment advice, the medical information of the first patient sometimes displayed under the second person's name. In some records, a doctor's stop order for intravenous injections also failed to
clearly display.
Ref: Veterans given wrong drug doses due to glitch (MSNBC)
The next step is intentional alteration of records.
If we think it's tough to maintain availability and confidentiality, wait until we security people are tasked with validating the integrity of data. It will happen after a celebrity dies or a group of "normal people" do, unfortunately en masse.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
0 komentar:
Posting Komentar