Minimal social engineering plus a weak network security infrastructure
is a disaster waiting to happen for any major medical facility.
You forgot to mention probable political infighting. And maybe
inexperienced leadership. My favorite snippet from the article is:
Dr. John Halamka, the former emergency-room physician
who runs Beth Israel Deaconess Medical Center's gigantic
computer network.
Is a physician, after years of medical school, internship, residency,
etc. the right person to be in charge of a "gigantic" computer network?
Are arteries and veins the equivalent of fiber and CAT-5?
I'd love to be the Cisco rep selling $3 million of new network equipment
to this guy. What is the probability that he as ANY idea what "spanning
tree protocol" means?
Just a data point here, most hospital networks and it departments are headed
by Doctor's. They have to sign off on everything from equipment selection,
platform changes everything. Some have a clew but admittedly its no more
than a self taught clew of the very basics from having 3 servers at home
that their kids use to game. Others have even less. I've personally had to
explain to heads of medical networks that their servic plan is invalid if
they continue to install quake servers on the image archive system. <Hey it
was one of the few oc12 connected servers makes sense right?>
Hospital networks are really frightening and there is no best practices in
place for the most part. There are a few exceptions but in general its
unbelievable.
Do a Google search on John Halamka.
http://www.hms.harvard.edu/office/halamka.html
I suspect he knows more about networks than several posters on
this topic.
Nevertheless, it does show that "stuff happens." I am a bit
surprised it took three days to fix things, but it wouldn't
be unprecedented. Learning how to diagnose problems is hard
for both doctors and engineers. Even more difficult is teaching
people how to design networks for failures. Unfortunately,
many high availability designs make it more difficult to diagnose
and fix problems. Sometimes you are better off with a simplier
design which fails in simple ways.
Thus spake "Scott Granados" <scott@wworks.net>
Just a data point here, most hospital networks and it departments
are headed by Doctor's.
In insurance companies, the networks are run by claims adjusters. In banks,
they're run by loan officers. And in airlines, they're run by unionized
pilots. It's not that the companies even avoid hiring competent people for
the jobs -- it's that competent people refuse to work in such environments.
Hospital networks are really frightening and there is no best practices in
place for the most part. There are a few exceptions but in general its
unbelievable.
The part I find most amusing is how every industry is obsessed with the idea
they're different from every other industry... "Sure, you sell an email
program, but how many *hospitals* or *banks* have you sold your email
program to?" Large bureaucracies' primary goal seems to be imitating the
bureaucracies at their competitors. "Well, what does the WAN at other oil
companies look like? We want that, forget if it meets our needs."
S