Hospitals plastered with password sticky notes.
Medicos are so adept at mitigating security controls that their bypassing exploits have become official policy, a university-backed study has revealed.
The work finds that nurses, doctors, and other medical workers will so often bypass information security controls in a bid to administer rapid health care that the shortcuts are taught to other staff.
It is built on face to face and phone interviews with hundreds of medical workers, chief technology officers, and 19 security boffins by an academic team of Sean Smith and Vijay Kothari of Dartmouth College, Ross Koppela of the University of Pennsylvania, and Jim Blythe of the University of Southern California.
"We find, in fact, that workarounds to cyber security are the norm, rather than the exception," the team writes in the paper
Workarounds to Computer Access in Healthcare Organisations: You Want My Password or a Dead Patient? [
pdf].
"They not only go unpunished, they go unnoticed in most settings — and often are taught as correct practice.
