How long until someone gets hospitalized, hacks their own medicine dispenser in a harmless yet threatening way and then sues the hospital for millions? That might easily end up being far more lucrative (and, possibly, easier?) than ransomware-ing the place...
"Hey Barb - what's that guy in the patient gown and a laptop doing in front of the Pyxis?"
"Dunno, maybe he's the tech - it was acting wonky last week."
"Oh, I guess you're right. We'll just let him work."
Nothing is going to be inherently secure in the medical field. Too many people need to get at information / equipment / supplies. You will have breaches.
For a Pyxis-type system you need to be able to see if someone is shortchanging the loading of the drug or taking out drugs where they shouldn't. You also need to ensure basic database integrity (surprisingly the vendors don't seem to think much of this concept). These machines don't control anything else and don't have much patient information in them.
So you monitor by other means, you audit and you realize that Pyxis is so old that one is visible in the scene in 'Serenity' when Simon infiltrates the lab River has been kept in. Think back about the state of network security back then. When spaceships had toggle switches and blinky lights (and plumbing fixtures on the bridge attached to old industrial power cabinets, but I digress).
All of these packages I've talked about are Windows based, so unless a hospital were to develop their own stuff (using Linux or whatever), their hands are somewhat tied. From what I've told, the cause of the big technology gap is the CDC and AMA approval process; by the time a new piece of software passes through certification, it's already out-dated.
Yes, all the EMR vendors use Windows so we're stuck there, but no, the CDC and the AMA do not approve software. CMS (Centers for Medicaid and Medicare Security (???)) gives guidelines about how to go about looking for certified EHRs. A quasi governmental body called CCHIT used to certify EHRs but they've given up on that.
And there is no real 'technology gap' in modern EHRs. They are large, complicated programs so, like other large, complicated programs they tend to be conservative in how they are constructed and they are, of course, a bit of a kludge. But they run on modern hardware, use modern databases and have pretty good performance if they are set up right.
They are giant pains-in-the-ass as far as clinical staff is concerned but that is because the Powers That Be have decided it's OK for highly paid, busy professionals to be secretaries and data entry clerks. Until we get over that paradigm, this won't change much.
That might buy you a couple of thyristors. Not enough to make a difference.
What this all boils down to is the age old problem of money being available for construction, not maintenance or improvement. Follow up costs are ALWAYS lowballed. At least in the military sector, they explicitly cost out spares and upgrades (or at least cost out some of it). In civilian government it's always the shiney. Once it's running, no more ribbon cutting ceremonies.
To be fair to the BART designers though, If I designed something that lasted twice a long as specced and carried four times the passenger load, I'd be pretty happy.
For the same reason I hate americans for sticking to shitty measuring units. And for the same reason I hate the french for the soixante-dix and quadre-vingt... soixante means sixty, and soixante-dix means sixty-ten or seventy. And vingt means twenty, and quadre-vingt means four times twenty, or eighty. Just a smidge of insanity, that chips off Your reasoning bit by bit. Drop the traditional cruft, for fucks sake. Make things simpler. Surely, such a system of names was required to be sure I wasn' t marrying my cousin, but now I dare say that we have family registers for this sort of thing. Even in Portugal.
Why hello 51787515-28387497! Haven't seen you in a while. How are the surrogates?
God loves us so much he's willing to torture us for eternity with never ending fire. Sounds like he loves us just like an abusive father "loves" their child. Someone should call Child Protective Services on God since he's such a lover of his children.
Men rarely (if ever) manage to dream up a God superior to themselves. Most Gods have the manners and morals of a spoiled child. [Robert Heinlein, "Notebooks of Lazarus Long," from Time Enough for Love (1973).]
Well, if you registered yourself like you were supposed to do then you clicked on a form that said you would not fly under the influence of drugs or alcohol.
Now, enforcement might be a bit spottier than you are used to. You are unlikely to be pulled over by the Drone Police. However, if you were stupid enough to video your behavior and post it on social media, you might get a stern letter from the FAA.
Body language, emotive expressions, a feel for your interest in conversation. That's why Skype is such a hit. Now, the big question is whether a grainy whole body image of you is better than a moderately high rez image of your face.
For Carrie Fisher perhaps. For the rest of us, not so much.
Possibly, but I also get the same melodramatic feeling sometimes when I think back to the 80's and 90's and what the future was supposed to be. It's not the end of the world, but it sure as hell wasn't this.
What? 80's and 90's - that was way past the high water mark. We're talking about the 60's and '70's here.
You really should try walking around without your phone for a couple of days. It's not the physical weight that gets to you.
The first day is the hardest - you're constantly checking for something that isn't there. Wondering why work isn't calling you (did they fire me?).
The second day is still a little rough. You turn the corner and realize that you haven't heard about Donald Trump in 15 minutes. Maybe Russia started WWIII.
On the third day you awaken to true enlightenment. And you wonder how you stayed under the thumb of so many people and so many institutions for so long. The Tao of communication blackout. Your blood pressure drops 10 points. Your vision improves. You can taste your coffee.
On the fourth day you find out that your boss really means to fire you and your wife is about to stick her cell phone into places in your body where it shouldn't be. You turn the damn thing back on.
OK, I'll bite. I know some kinda dodgy private pilots, but nobody even remotely insane enough to attempt to land on a rotating blade, no matter how long or flat.
Can't the FBI use the same encryption breaking schemes they use on SSL to brute force the certificate used to place the original firmware, then hire someone from Algeria for $20/hour to put a new firmware on it? What about that memory heat map hack where they can read software right off the storage, can't they use that to decrypt the current firmware? Are all they advertising is distrust in government? Who is profiting off of the distrust in our own government?
You're really pushing Betteridge's Law this morning.
Slashdot Mirror
How long until someone gets hospitalized, hacks their own medicine dispenser in a harmless yet threatening way and then sues the hospital for millions? That might easily end up being far more lucrative (and, possibly, easier?) than ransomware-ing the place...
"Hey Barb - what's that guy in the patient gown and a laptop doing in front of the Pyxis?"
"Dunno, maybe he's the tech - it was acting wonky last week."
"Oh, I guess you're right. We'll just let him work."
Sometimes imagination is a bad thing.
++++
This.
Nothing is going to be inherently secure in the medical field. Too many people need to get at information / equipment / supplies. You will have breaches.
For a Pyxis-type system you need to be able to see if someone is shortchanging the loading of the drug or taking out drugs where they shouldn't. You also need to ensure basic database integrity (surprisingly the vendors don't seem to think much of this concept). These machines don't control anything else and don't have much patient information in them.
So you monitor by other means, you audit and you realize that Pyxis is so old that one is visible in the scene in 'Serenity' when Simon infiltrates the lab River has been kept in. Think back about the state of network security back then. When spaceships had toggle switches and blinky lights (and plumbing fixtures on the bridge attached to old industrial power cabinets, but I digress).
Sorry guy, GE CTs run Linux. Just watch the boot screen.
All of these packages I've talked about are Windows based, so unless a hospital were to develop their own stuff (using Linux or whatever), their hands are somewhat tied. From what I've told, the cause of the big technology gap is the CDC and AMA approval process; by the time a new piece of software passes through certification, it's already out-dated.
Yes, all the EMR vendors use Windows so we're stuck there, but no, the CDC and the AMA do not approve software. CMS (Centers for Medicaid and Medicare Security (???)) gives guidelines about how to go about looking for certified EHRs. A quasi governmental body called CCHIT used to certify EHRs but they've given up on that.
And there is no real 'technology gap' in modern EHRs. They are large, complicated programs so, like other large, complicated programs they tend to be conservative in how they are constructed and they are, of course, a bit of a kludge. But they run on modern hardware, use modern databases and have pretty good performance if they are set up right.
They are giant pains-in-the-ass as far as clinical staff is concerned but that is because the Powers That Be have decided it's OK for highly paid, busy professionals to be secretaries and data entry clerks. Until we get over that paradigm, this won't change much.
That might buy you a couple of thyristors. Not enough to make a difference.
What this all boils down to is the age old problem of money being available for construction, not maintenance or improvement. Follow up costs are ALWAYS lowballed. At least in the military sector, they explicitly cost out spares and upgrades (or at least cost out some of it). In civilian government it's always the shiney. Once it's running, no more ribbon cutting ceremonies.
To be fair to the BART designers though, If I designed something that lasted twice a long as specced and carried four times the passenger load, I'd be pretty happy.
+++++
This is the only way this could end. All it takes is one fruitcake to start it and we're way beyond single fruitcakes.
At the Republican National Convention there will be enough sugar crazed jellied nuts to put the nation into a diabetic emergency.
For the same reason I hate americans for sticking to shitty measuring units. And for the same reason I hate the french for the soixante-dix and quadre-vingt... soixante means sixty, and soixante-dix means sixty-ten or seventy. And vingt means twenty, and quadre-vingt means four times twenty, or eighty. Just a smidge of insanity, that chips off Your reasoning bit by bit.
Drop the traditional cruft, for fucks sake. Make things simpler. Surely, such a system of names was required to be sure I wasn' t marrying my cousin, but now I dare say that we have family registers for this sort of thing. Even in Portugal.
Why hello 51787515-28387497! Haven't seen you in a while. How are the surrogates?
God loves us so much he's willing to torture us for eternity with never ending fire. Sounds like he loves us just like an abusive father "loves" their child. Someone should call Child Protective Services on God since he's such a lover of his children.
Men rarely (if ever) manage to dream up a God superior to themselves. Most Gods have the manners and morals of a spoiled child.
[Robert Heinlein, "Notebooks of Lazarus Long," from Time Enough for Love (1973).]
That's OK.
Turns out the whole concept of virgin birth was just a typo.
Well, if you registered yourself like you were supposed to do then you clicked on a form that said you would not fly under the influence of drugs or alcohol.
Now, enforcement might be a bit spottier than you are used to. You are unlikely to be pulled over by the Drone Police. However, if you were stupid enough to video your behavior and post it on social media, you might get a stern letter from the FAA.
Now, if you tried to make some money off the video, you really be in trouble.
What does someone get out of me standing there?
Body language, emotive expressions, a feel for your interest in conversation. That's why Skype is such a hit. Now, the big question is whether a grainy whole body image of you is better than a moderately high rez image of your face.
For Carrie Fisher perhaps. For the rest of us, not so much.
You live IN a power point?
Oh, I'm so sorry.
Fucking magnets.
They're everywhere.
Do they have spiders in the Ukraine?
Throwing a standing Senator on the tracks seems to be more of an invitation rather than a deterrent, if you ask me...
'How many bottles of helium to you have?'
'That many? Great, I'll be down in a sec.'
Got my 3D printer, some mylar blankets and a roll of duct tape.
I'm all set.
Possibly, but I also get the same melodramatic feeling sometimes when I think back to the 80's and 90's and what the future was supposed to be. It's not the end of the world, but it sure as hell wasn't this.
What? 80's and 90's - that was way past the high water mark. We're talking about the 60's and '70's here.
Groovy.
You really should try walking around without your phone for a couple of days. It's not the physical weight that gets to you.
The first day is the hardest - you're constantly checking for something that isn't there. Wondering why work isn't calling you (did they fire me?).
The second day is still a little rough. You turn the corner and realize that you haven't heard about Donald Trump in 15 minutes. Maybe Russia started WWIII.
On the third day you awaken to true enlightenment. And you wonder how you stayed under the thumb of so many people and so many institutions for so long. The Tao of communication blackout. Your blood pressure drops 10 points. Your vision improves. You can taste your coffee.
On the fourth day you find out that your boss really means to fire you and your wife is about to stick her cell phone into places in your body where it shouldn't be. You turn the damn thing back on.
Nice while it lasted.
You clicked. It worked.
Hahahahahaha
Sure, if you can get a dead guy to unlock the phone and send a picture (previously stored on iCloud) through a WiFi AP that you control.
Easy Peasy.
(RTFA).
Why do you think it took so long to develop?
(I really, really want one of those....)
OK, I'll bite. I know some kinda dodgy private pilots, but nobody even remotely insane enough to attempt to land on a rotating blade, no matter how long or flat.
Who the hell are you hanging out with?
You've never heard of electric trains / trams / trolleys? Welcome to the 21st Century! We've got 'em.
Your ideas intrigue me and I would like to subscribe to your newsletter.
Can't the FBI use the same encryption breaking schemes they use on SSL to brute force the certificate used to place the original firmware, then hire someone from Algeria for $20/hour to put a new firmware on it? What about that memory heat map hack where they can read software right off the storage, can't they use that to decrypt the current firmware? Are all they advertising is distrust in government? Who is profiting off of the distrust in our own government?
You're really pushing Betteridge's Law this morning.