Poor security practices are putting patients at risk, unnecessarily. While clinicians, quite rightly so, focus on patient care and not cybersecurity, many users implement ‘workarounds’ out of practical necessity and these ‘workarounds’ often go unnoticed and make the vulnerable even more so.
In a recent research paper by The University of Pennsylvania, Dartmouth College, and The University of Southern California, IT security workarounds were found to be standard practice for most medical staff. Healthcare workers acknowledge that security controls are important, however, often trying to navigate the technologies, clinicians cannot do their job properly and their duty of care to patients overrides their cybersecurity responsibilities. In this paper, it was found that healthcare professionals were found to write down passwords, whilst others defeated timeouts by requiring a junior member of staff to press the spacebar on the computer within certain time limits. Read more..