# [Beowulf] Wired article about Go machine

Robert G. Brown rgb at phy.duke.edu
Thu Mar 26 07:42:52 PDT 2009

On Thu, 26 Mar 2009, Leif Nixon wrote:

> "Robert G. Brown" <rgb at phy.duke.edu> writes:
>
>> Not only are they told what to do -- in banks in particular, they cannot
>> make ANY CHANGE in ANY COMPUTER SYSTEM associated with the actual
>> banking process without going through an extensive and expensive
>> auditing and certification process.
>
> As in health-care. Which is why you get hospitals with
> Conficker/Downadup running rampant through medical equipment with
> embedded Windows systems. Basically, you're not allowed to patch them
> without FDA approval.
>
> That's scary.

Um, I don't believe that this is the case, and I say this as a semi-pro
consultant in health care.  Most hospitals probably do something along
these lines as part of the standard CYA, but the regulations, especially
HIPAA, are "due diligence" recommendations with an amazing {\em lack} of
specification.  You can pretty much do whatever you like, but heaven
confidentiality.  At the very least you'd better be able to show that
you tried hard to keep things secure...

This leads to an extremely wide range of IT practice in the EMR
revolution that Congress has more or less mandated as a condition of
getting paid for Medicare and Medicaid.  Very small practices run
whatever they can manage, usually a small/cheap EMR on a Windows server,
with virtually unsecured Windows clients -- again, pretty much whatever
Windows systems one happens to own, with whatever mix of Win95 on up on
systems up to 8 or 9 years old that happen to be lying around.
Seriously.  No regulation, no government certification process, no full
time IT staff -- if you're lucky (or hire a good consultant:-) they'll
figure out that they need actual antivirus on all of their systems,
regular Windows updates on their server and clients, and that they
shouldn't use WEP on their over-the-counter wireless network.
Intermediate practices (like the one I do most of my consulting for)
start OUT like that -- it had a 10 year old SOLARIS x86 server and a
truly terrifying mix of PCs when I started out (and the Solaris server
is still running, sort of, under a desk, 4 GB hard drives and all -- go
figure:-).  Now it runs with locked down Linux servers running VMware,
a mix of Linux and Windows VM servers (including the primary EMR under
LINUX, thankfully, data relatively protected) and I still view the
goddamn WinXX PC clients to be the weak link in the security of the
whole system, but we have no choice.

Only hospitals are as slow and ponderous as you describe (my sister
works for ex-A4healthsys, and has been doing hospital systems for close
to 20 years now).  They aren't ponderous because of the need for
certification, but because they are ponderous and because of the expense
of change.  Which is what keeps my sister in business, basically -- she
goes around and messes with the infinite problems in the legacy hospital
management suites running on antique hardware being managed by
borderline incompetents when the original authors of those suites are
long since gone, the operating systems are no longer supported, the
hardware is obsolete and breaks a lot, and the underlying database is
something of dark evil.  Believe me, I know, as she bends my ear a lot
and asks me for help with Perl scripts designed to scrape the data out
of this or that nightmarish interface.

rgb

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu