Weird and Cringe things you've seen while working in IT - Since everyone is too lazy to make such a thread where IT bros can vent

One of my most concerning IT incidents, ironically, happened since I've temporarily shifted over to security instead of IT. See, when I'm on day shifts at the local hospital, part of my job is to fill in for the break and lunch break of whoever is working the front desk at the hospital. It's like 45 minutes a day. This desk happens to have a computer tied into the rest of the hospital network so that the front desk guard can access info for questions about which room a patient is in, whether they have been discharged and are waiting for a pickup, etc. See, the thing is that it doesn't just show that info, it basically shows you everything registration and the medical staff can see when they look up patient info, so medical shit as well. Now, that's not really an issue from my side of things as confidentiality comes with the job and all that, but the problem is the password for said computer is literally 'information' and that is explicitly written on at least 4 sticky notes at this very moment plastered all around the PC itself and several spots on the desk, which anybody sees pretty much immediately upon going behind the desk. Also keep in mind that the front desk isn't manned after around 7pm (the main entrance is locked and people have to come through the ER/via ambulance, etc.) so there is nobody there to keep an eye on the computer. Also keep in mind that the route to the cafeteria (which is closed most of the day but still has all the food and drink machines and such located in it) that people take regularly all night when they're stuck in the ER for hours goes directly past and in front of said front desk. Needless to say it would be very easy for some nosy patient to slip behind there and look up information about any patient they wanted to. The area is only patrolled a couple times an hour. My point being, that's a major security no-no and risks a massive confidentiality violation.
I brought this up to the head of IT, got dismissed as 'the security guy' who is assumed to know nothing about IT matters, despite having more experience in the field than he does. Took it up with the receptionist at the ER, who passed it on to said IT guy with the same result, and with the supervisor for the other security staff that actually does the patrols in that area. He didn't think it was an issue (lolwut?)

And on that note, it's not strictly an IT situation but I have another story about that supervisor that really hammers home how badly this hospital is run on that side of things. Earlier this week I made a minor mistake of sending down a second visitor to a room, having confused 'ER patients can have 1 visitor' with 'critical ER patients can have 2' which was a rather easy mistake to make and was fixed almost immediately. All of a sudden, a few minutes later a pissy security guard comes up demanding the access card cause the supervisor 'wants to hold on to it' (hey dumbass, you're the one who actually opened the door, I just authorized it, careful who you point fingers at cause it's your fuckup too) but fair enough, if they want to handle access control that's fine, one less thing I have to do. So a half hour goes by and some discharged psych patient starts causing a scene outside cause he didn't get what he wanted or something like that, so naturally security responds. This leaves the other security desk in the ER unmanned (there are two - mine and the one with the security monitors and main door access controls on the wall). A very pregnant, about to give birth RIGHT NOW woman suddenly gets rushed into the ER by her freaking out husband. They both blurt out the baby is coming any minute now and they need to get to maternity. So, not having the card on me anymore I go over to the other side of the room and hit the button for the door and let them through and they rush down the hall to maternity. So, the situation outside ends a few minutes later and the cops haul the guy off. The guard originally at the other desk comes back, notices that the pregnant woman is not in the ER anymore and gives me an odd look, then takes off to do her rounds again. Within a couple minutes I suddenly get a phone call from a man saying he's the security supervisor for the other guards and getting weirdly aggressive and hostile at the fact I 'went behind their desk' and opened the door.
Keep in mind this was extremely common when the desk was unmanned during patrols and not only had I done it dozens of times before with no issue, other guards I replaced after their shifts have many times as well. It has never been an issue. I point this out and ask him what the problem is and he tells me to go on break and come down to his office to talk. So I do and he gets right pissy and is hostile as fuck going on about how inappropriate it is and how he wants his people doing access control now, saying we were told not to go behind that desk (this is not true and is absurd) tldr: he gave me a dressing down for literally doing my job. I replied that it's fine if he wants his people doing access control from now on, but that I would not accept a dressing down, let alone such a hostile and aggressive one, from someone who I didn't even work for or answer to (we have our own supervisor we answer to, two different companies handle security at this hospital for some reason) or who feels it necessary to be this aggressive and confrontational for doing a very reasonable thing. He didn't like that, so I reminded him that his instructions, even if they did apply to me, only do so within common sense and reasonable limits, and that as ANY staff member of this hospital will tell him, the needs and safety of the patients come first. Then pointed out how me standing there waiting for a guard to show up to open the door for me when I could easily do it myself, when there is a pregnant woman about to give birth any minute is neither appropriate nor safe for the patient. He told me that 'wasn't my call to make and I'm not qualified to make it' which made me damn near literally laugh out loud.
I replied that common sense says she needed to be let through and that not doing so would put her and the baby in danger if there were any complications, and that if I had followed those instructions and there had been complications I would have been risking legal action against the hospital, against myself and against him for being the one to give that unreasonable order in the first place, if they ended up with a baby with CP or whatever and got it in their heads that the delay had something to do with that injury that might have otherwise not happened. Ironically I had to explain to him twice that 'just following orders' is not a valid excuse for following an order that any reasonable person would disregard in the name of patient safety, whether they were a security guard or otherwise. He clearly didn't think about how that would go over in court, if said grieving parents sued. After all I'm sure a jury would just love a supervisor who gave an order like that and caused a lifelong injury to a baby.

The point of that long story being, the guy they have in charge of half the security for the hospital and who didn't think a blatant security issue that could easily lead to anybody getting access to confidential patient information in violation of all kinds of confidentiality laws, was a problem, also didn't think about the ramifications of instructions he gives (to people he has no authority over in the first place) and didn't think about the logical conclusion of what could happen if you delayed a pregnant woman from getting the immediate medical attention she required, before chewing out a guard for using common sense in letting said pregnant woman get to maternity as quickly as possible

So yeah, keep in mind that guy is essentially in charge of your physical safety and the confidentiality of your patient info when you're at the hospital, and is clearly shit at both
 
I brought this up to the head of IT, got dismissed as 'the security guy' who is assumed to know nothing about IT matters
I genuinely hate that. If someone outside of IT had a query or wanted to flex their knowledge, I would have no problem giving them the floor. I encourage people that take the initiative and act like they have an interest in what IT does and is all about. At least they are TRYING and aren't like the rest of the drooling mongoloids that just do what they are programmed to do and don't ask questions.
 
My only suggestion, assuming this isn't how you rolled with it in the first place, is that you could suggest ways that the system could be secured further that speak to the man.

A lot of these hospital systems are really badly designed, but it doesn't mean they don't have means to lock down the access to specific modules on a per-user basis. Or, if that isn't practical, some sort of physical two factor key to log in instead of the passwords the guards won't remember, or AD logon restrictions so the workstation can't be used outside the hours where it is usually manned.

Obviously, doesn't mean that someone in that position will actually accept such reasonable suggestions.
 
Worked at a small casino in Nevada; while there's plenty of retard customers I had to deal with, there were a couple of workers that were special.

We were upgrading one of our systems; the vendor doesn't tell us that when password security is enabled, certain special characters don't work, but the error code doesn't tell us what's wrong. So we go live, and when it comes time to get people their new passwords, a lot of what people were used to using was not working. We ask the vendor and they didn't even know that the Exclamation Point, Pound Sign, Ampersand, and Parentheses are either excluded or not counted as special characters. We had to go through and figure out all their rules by hand.

Had one pit boss who had the memory of a goldfish. While I could write a novella about him and passwords, I spent 45 minutes on the phone with him trying to get him to remember his password. Why can't I just force a reset? Because the reset would make his swipe card stop working, and I'd then need to make him a new swipe card, and corporate is getting pissed with the amount of swipe cards we're going through.
From the... customer side of IT (I'm an engineer)... at my first job we had a nifty "Password Wizard" that would sync your passwords together over the 10 thousand accounts you use at a corporate job. Problem is that some of the services had different allowed characters and nothing told you about them and the wizard allowed some illegal characters. First day I used a $ in my password and was promptly locked out of all accounts for two days while they tried to fix it.
Further, we immediately shifted to gmail from outlook for email. I never got my passwords synced after that. Just guess through 3 or 4 of them until I get the right one.
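
The character-set mismatches described in the two posts above (a vendor system that rejects or does not count some special characters, and a sync tool that accepted characters a downstream service did not) can be caught by checking a new password against every target's rules before pushing it to any of them. This is an added example, not code from either poster or any vendor; the service names and rule sets are constructed for illustration.

```python
import string

ALNUM = set(string.ascii_letters + string.digits)

# Constructed rule sets for hypothetical back ends behind one sync tool.
# "accepted": specials the service will store at all.
# "counted": the subset that satisfies its "at least one special" rule.
POLICIES = {
    "directory": {
        "accepted": set("!#$%&()*+-_@"),
        "counted": set("!#$%&()*+-_@"),
    },
    "gaming_system": {
        # Accepts ! # & ( ) but does not count them as special.
        "accepted": set("!#&()*+-_@"),
        "counted": set("*+-_@"),
    },
    "legacy_host": {
        "accepted": set("#@_-"),
        "counted": set("#@_-"),
    },
}


def check_service(password, policy):
    """Return the reasons one service would reject this password."""
    problems = []
    used_specials = {c for c in password if c not in ALNUM}
    rejected = sorted(used_specials - policy["accepted"])
    if rejected:
        problems.append("characters not accepted: " + " ".join(rejected))
    if not used_specials & policy["counted"]:
        # Name the characters that were silently ignored, which is the
        # detail an opaque vendor error code leaves out.
        ignored = sorted(used_specials & policy["accepted"])
        detail = ""
        if ignored:
            detail = " (" + " ".join(ignored) + " accepted but not counted)"
        problems.append("no character counted as special" + detail)
    return problems


def preflight(password, policies=POLICIES):
    """Check every target first; return {service: problems} for failures."""
    failures = {}
    for name, policy in policies.items():
        problems = check_service(password, policy)
        if problems:
            failures[name] = problems
    return failures


def safe_specials(policies=POLICIES):
    """Specials that every service both accepts and counts."""
    usable = [p["accepted"] & p["counted"] for p in policies.values()]
    return set.intersection(*usable)


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor$", "Passw0rd!", "Passw0rd_"):
        print(candidate, preflight(candidate) or "ok on all services")
    print("usable everywhere:", " ".join(sorted(safe_specials())))
```

A sync tool that only pushes the change when `preflight` returns an empty result avoids the partial update that leaves some accounts on the old password and others locked.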
 
>1480 words
>only 4 paragraphs
 
I wasn't officially employed in the sector, but I was the 'tech kid' back in high school, and often got paid for doing small jobs for classmates, friends' parents, shit like that.

One time I was tasked with cleaning up a friend's father's PC, which was boomerfucked by internet toolbars, obvious ad/spyware apps, and a whole host of other bullshit.

I noticed the auto search on Google had never been cleared, so there were hundreds of searches which I could browse at will. These included things like 'loose asshole anal slut,' 'two hands anal fisting,' 'dirty ass whore UK,' amongst countless others.

I told my friend about this, that his dad must have been searching some wild shit. He got so defensive and incredulous that he actually became angry. I was just like whatever dude, then did what I was being paid for.

It was weirder because his father wasn't an obvious sleaze, but a really clean-cut, inoffensive type who worked as a helicopter pilot.
 
I ran into an API call for an integration module that allowed the caller to run unauthenticated SQL queries.


I found it because the method was listed openly in the public API documentation.
There are actually a surprising amount of websites that are just making some web request through js to an api that just takes straight SQL queries (I mean literally just an entire select statement). I used to find them all the time when scraping data. I never tried to fuck with them so I'm not sure if they were safe from injection or if you could have just passed inserts/deletes or whatever.
 
I kinda like the idea of an API that masquerades as something like this, but when you deviate from the expected sanitized pattern throws an error 'gotcha faggot'. Obviously, uh, not something one would want to check in on a corporate SCS.
 
Remembered a secondhand account from another tech. Someone came up to him with his work laptop and said he had a banana stuck in his laptop. Apparently he had been in a hurry and stuffed his laptop in his backpack but forgot his lunch was at the bottom of the bag, which smashed the banana into the laptop fan.

I hear about all kinds of stuff being stuck inside laptops for the same reason. One woman's credit card turned up inside her laptop.
 
The API method was specifically "Runs the POSTed payload as a query against [product's] database"
Hahahaha holy shit I understand that maybe for an internal API, but for a publicly exposed API, you are literally asking for some script kiddie to do an SQL injection and fuck your shit up.
 
Nah this was specifically an integration from an on-premise service to a SaaS offering, so it had to be exposed to some degree.

Even for an internal API, if it can touch the database it's gotta be locked behind key authentication before I'll put it in my environment.
 
Oh fuck yeah of course. You still put in authentication measures no matter how safe it is to expose it. I guess you'd have an interoperability layer between your back-end and your database? No combination software that does both tasks?
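
The two measures raised in the posts above, key authentication in front of anything that can touch the database and a layer between the caller and the database, shown next to the "run the POSTed payload as a query" pattern. This is an added example, not code from any poster or from the product discussed; the table, query names, header name, key and function names are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. Only its hash is kept by the service; the key
# itself would be issued out of band to the on-premise integration.
DEMO_KEY = "demo-integration-key"
KEY_SHA256 = hashlib.sha256(DEMO_KEY.encode()).hexdigest()

# The layer between caller and database: callers choose a named query and
# supply parameters; they never send SQL text.
NAMED_QUERIES = {
    "orders_by_customer": (
        "SELECT id, item FROM orders WHERE customer = ? ORDER BY id",
        ("customer",),
    ),
    "order_count": ("SELECT COUNT(*) FROM orders", ()),
}


def make_db():
    """Build a small constructed database for the example."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT);
        INSERT INTO orders (customer, item) VALUES
            ('acme', 'widget'), ('acme', 'gear'), ('globex', 'valve');
        """
    )
    return db


def raw_query_endpoint(db, body):
    """The pattern from the thread: run the POSTed payload as a query."""
    cur = db.execute(body)  # no caller identity, no limit on the statement
    db.commit()
    return 200, cur.fetchall()


def _key_ok(headers):
    presented = headers.get("X-Api-Key", "")
    digest = hashlib.sha256(presented.encode()).hexdigest()
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(digest, KEY_SHA256)


def named_query_endpoint(db, headers, body):
    """Hardened form: authenticate first, then allow only known queries."""
    if not _key_ok(headers):
        return 401, "missing or invalid API key"
    if not isinstance(body, dict) or body.get("query") not in NAMED_QUERIES:
        return 400, "unknown query"
    sql, names = NAMED_QUERIES[body["query"]]
    params = body.get("params", {})
    if not isinstance(params, dict) or set(params) != set(names):
        return 400, "parameters do not match query"
    values = [params[n] for n in names]
    if not all(isinstance(v, (str, int)) for v in values):
        return 400, "bad parameter type"
    # Values are bound, never concatenated, so they cannot alter the statement.
    return 200, db.execute(sql, values).fetchall()
```

In a real deployment the database account behind the hardened endpoint would also be limited to the rights those named queries need, so the allow-list is not the only control.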
 