Data Security at the Doctor's Office

I was at the doctor's office last week for a checkup and was appalled at the data security. First off, their networking closet is actually a closet. I know it's the data closet because the door was wide open, and the door was wide open probably because it doesn't have proper ventilation for the servers and networking gear. Strike one.
Strike two came when I was waiting for the doctor in the examination room. The nurse first came in and logged into the GE medical history software (the actual machine was already logged in; I didn't check to see if it was logged in as administrator, but I bet you anything it was/is). Then she left the room. Left the room with the software that contained every medical record of probably every Beth Israel patient logged in. At this point I was a little freaked out, but was happy to see that at least it timed out after 5 minutes of inactivity and logged the nurse out. Oh, that and the computer in the room was totally unlocked; I had full physical access to the machine for a good 15 minutes totally unattended. I could have done anything to that machine.
Then strike three came while I was getting blood drawn. Since the office is so small, the label printer for samples is in the same room as the "collection" seat. So I sat in the seat and glanced about the room. Then the technician that was drawing my blood and preparing the samples sat at the computer terminal, which is plainly visible to anyone in the waiting room and anyone sitting having their blood drawn, and started to look up my information. There, in a list of maybe 6 other people, were my DOB, my social security number, my mother's maiden name, and my address. Plenty of information to steal my identity. Not only that, but the other records on screen contained the same information for other patients. Great!
Needless to say, I was stunned and mortified. Actually so mortified that I totally neglected to complain, but how do you even complain about something like that to your doctor? I'm sure they do the best they can, and that their IT department is probably mostly to blame for letting the security get so lax.

2 comments

On August 11, 2008 at 11:58 PM, Daniel wrote:
Hellooooo HIPAA violation...

http://www.hhs.gov/ocr/privacyhowtofile.htm

Great post Nick.