by heinrichf 3779 days ago
Very interesting article about the subject from November 2015: It’s Way Too Easy to Hack the Hospital, http://www.bloomberg.com/features/2015-hospital-hack/

Hospital equipment is a sector where we need to push strongly for open solutions. Besides their own security, they are putting people's lives in danger. An informed citizen should have a way to check the running software and that the equipment is working properly. An example is X-ray equipment. In some cases, patients have been exposed to strong doses of radiation because of malfunctioning equipment for more than 10 years. Nobody checked. And then you add the risk of hacking.

Hospital equipment is a sector where we need to push strongly for open solutions. Besides their own security, they are putting people's lives in danger.

It's a sector where there needs to be a push for software/hardware quality, period! One of my former coworkers from years ago used to write software for medical equipment. The software ran on the cheapest Windows boards the company could find. There was no standardization apart from window dressing. Attitude of management was to just get it out the door, and it would be fine.

Having worked in hospitals doing network security: They are terribly insecure. They really are a prime example of bad bureaucracy and proprietary software making everything horrible, despite the best of intentions.

YMMV of course.

This goes beyond network security. Most hospital systems, including hardware and software, are insecure. One of the main reasons for this is that hospital staff, especially doctors and nurses, tend to be atrociously bad at technology. One hospital we used to work with had removed passwords on their EMR software for all users because the chief of surgery always forgot his. Their reasoning was that inability to remember passwords slowed people down, and the EMR software was "internal anyway" so what could be the worst case scenario of not having passwords?

Well, there's two sides to this. You can say they're bad at technology, but why hasn't technology made it possible to sign in with voice recognition or some other speedy and foolproof method? I don't want a doctor switching her attention from diagnostic and treatment questions (which, let us not forget, are rather complicated and challenging in their own right, especially in an urgent care situation) in order to comply with some absent programmer's idea of how security ought to work. Why is typing in a password considered the only acceptable method of system access, given the fact of physical hospital security and so on? Why do technologists like yourself think everyone else should adapt to your standards rather than inventing something that meets the particular needs and circumstances of the clients?

One of the main reasons for this is that hospital staff, especially doctors and nurses, tend to be atrociously bad at technology.

I remember that med students were early adopters of ePocrates in the Palm PDA era. I think it's more that they are atrociously bad at technology, unless it's particularly useful to them.

inability to remember passwords slowed people down

It would slow people down a lot. Someone needs to sell some sort of zero effort authentication technology for hospitals. (One where a supervising nurse could quickly auth the chief of surgery, because that sort of guy is going to forget his token/device.)

Speech recognition? It's hands free and harder to brute-force than a fingerprint.