* Posts by T 7

21 publicly visible posts • joined 7 Sep 2018

Lantum S3 bucket leak is prescription for chaos for thousands of UK doctors

T 7

Re: Lack of consequences

I was recently contacted by a locum agency. Based in Milton Keynes. They are always based in Milton Keynes. I had never heard of them before so I asked how they got my data.

The response is below. There is wholesale transfer of information by recruiters between agencies. I have complained to the agencies, to the ICO, to everyone. No one gives a damn.

Thank you for getting in touch regarding the issue with my colleague XXXX.

My name is YYYY, I am the director for the doctors division with ZZZZ.

I have looked into this issue and have come across an error made by a previous recruiter that is no longer with the business. I believe he may have spoken with you at a previous agency and wanted to add you to our system which we were not aware of.

This didn’t happen in the end, but he made the error of adding your email address to another of our working candidates profiles which meant you received this email mistakenly.

I really do apologise for the inconvenience and stress caused by this, we had no other details for you on the system and the email address was only held unknowingly on an incorrect file.

I can assure you this has now been removed and rectified. Thank you for bringing this to my attention and please give me a call if you have any other questions.

Have a great week & take care.

Another RAC staffer nabbed for storing, sharing car crash data

T 7

I'm amazed the ICO took the slightest bit of interest. Not because of the seriousness of it, but because the ICO seem to me to be entirely uninterested in the kind of low level day to day data theft / exfiltration that goes on routinely across the land. Fair play to them. I shall up my opinion of them by a notch.

Crypto craziness craps out – and about time too

T 7

Re: Blockchain next..

I agree. Take medical records for example. A hash is created every time the record changes and that hash incorporates the previous 'block' as well. That hash is stored with 3 trusted blockchain providers. This allows a chain of evidence such that if the record is tampered with, it is clear that the chain involved in 'building' that record has been altered. Shipman was caught from altered records.

There will be multiple other use cases where document trails and chains need to be clear. This is a great idea. Is it any more secure than a central database, or worth the extra hassle, that I do not know.
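The hash-chaining scheme described in the post above, sketched as an added example that is not part of the original comment or any real records system. The field names, the sample revisions and the three witness names are constructed, and the witnesses stand in for the "3 trusted providers" as plain copies of the hashes.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first revision

def entry_hash(prev_hash, revision):
    # Canonical JSON so the same revision always hashes identically.
    body = json.dumps(revision, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(revisions):
    """Return one hash per revision, each covering the hash before it."""
    hashes, prev = [], GENESIS
    for rev in revisions:
        prev = entry_hash(prev, rev)
        hashes.append(prev)
    return hashes

def first_mismatch(revisions, anchored):
    """Index of the first revision whose recomputed hash differs from the
    anchored copy (or where one side ends early); None if they agree."""
    recomputed = build_chain(revisions)
    for i, (mine, theirs) in enumerate(zip(recomputed, anchored)):
        if mine != theirs:
            return i
    if len(recomputed) != len(anchored):
        return min(len(recomputed), len(anchored))
    return None

def audit(revisions, witnesses):
    """Check the stored history against every witness's anchored hashes."""
    return {name: first_mismatch(revisions, hashes)
            for name, hashes in witnesses.items()}

# Constructed sample data: three revisions of one fictional record.
HISTORY = [
    {"rev": 1, "author": "dr_a", "note": "Penicillin allergy recorded"},
    {"rev": 2, "author": "dr_a", "note": "Pre-op assessment complete"},
    {"rev": 3, "author": "dr_b", "note": "Discharged home"},
]
# Each witness received the hashes when the revisions were written.
WITNESSES = {name: build_chain(HISTORY) for name in ("w1", "w2", "w3")}

def tampered_history():
    """A later edit to revision 2. The editor can recompute hashes in the
    local database, but not the copies the witnesses already hold."""
    altered = [dict(r) for r in HISTORY]
    altered[1]["note"] = "Pre-op assessment not required"
    return altered

if __name__ == "__main__":
    print(audit(HISTORY, WITNESSES))
    print(audit(tampered_history(), WITNESSES))
```

Because each hash covers the one before it, the unchanged revision 3 also stops matching after revision 2 is edited; the externally held copies are what make a silent rewrite of the whole local chain detectable.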

British Airways flights grounded due to glitch in flight planning app

T 7

Sounds like Technical Issues Throw Spanner Unto Plane

Inadequate IT partly to blame for NHS doctors losing 13.5 million working hours

T 7

You are right. It's not hard. PC / HPC / PMH / Meds / Allergies / Social History.

Any number of diagrams that have come to be used as medical shorthand

Risks / Benefits types of blood tests, specific diagnoses etc etc etc

Remind me how many SNOMED categories there are?

T 7

By calling my mobile, or emailing me. Mainly emailing as mobiles do not work in the operating theatres (reception rather than any concerns about interference).

Or coming to see me in any one of the 20 operating theatres I might be in after looking at the rota. They do not assume I am sat in the office, or in the place I was in for 10 minutes, 3.5 weeks ago.

T 7

The ward managers do not work every day. Long days means they work 3 days a week. The matrons cover several wards. The ward doctors are a team. We are not 9-5 teams. Operating theatres have different staff in them every day.

The solutions should fit our working patterns and normal practices.

T 7

Re: another closed system with no upgrade path

Exactly this.

Like what openbanking has done for bank back end / front end separation, let’s see the same for healthcare.

T 7

I'm going to have to call out some of this.

I report computers all the time. The reporting system is based on the idea that I use a single computer. As an anaesthetist I report computers on Ward A not working. I leave ward A's phone number. IT support call back 2 hours later and as they cannot speak to me on Ward A, the ticket is closed. I am now in the operating theatre giving anaesthetics. I have also had IT support come to the anaesthetic department to fix computers on Ward Z. Because I am an anaesthetist, the ticket must relate to the computers in my office.

I use >5 computers a day. Every day. The reason people do not report is because when they do the problem does not get fixed, and I have to chase up all the 'closed' tickets

We are on the same side but I think we probably do not appreciate how each other works

T 7

I am an NHS Consultant Anaesthetist.

We do not have tap and go at work. So as I see patients prior to the operating list, who are spread far and wide, I have to log on separately at each computer.

Approx 20% of COWS (computers on wheels) are in graveyards on each ward.

I do not understand it but if too many people log onto a computer, the profiles build up and the computer slows down. So they need a wipe (hard drive, not clinell) every now and then. WTF are we wheeling round unwieldy machines with terrible battery life when the rest of the world has moved to fondleslabs.

Mice are attached by the shortest possible usb leads and have large weights along the lead that makes them very difficult to use.

Wifi is patchy at best.

We use cerner. The UX comments above are bang on the money. There have to be better ways of streamlining common workflows rather than a one size fits no-one approach.

And it's not like getting data out for operational improvement is much easier.

There is a wholesale lack of ambition and funding.

Most of what we do is the same. Nurses in pre-op admit patients to pre-op and do pre-op checks. They then discharge patients. A lightweight web based API driven website, with decent UX that tied into the cerner backend would be a game changer for them.

Healthcare seems to have got caught up in an 'AI' (let's not expand on that one!) driven 'big data' drive and completely forgotten the basics of trying to run a high turnover business. The NHS is easyjet, not BA first class, and we need the technology to drive that level of required efficiency. At the moment it drags us down.

BOFH and the case of the disappearing teaspoons

T 7

In the nhs we’ve been investigating this for years


UK hospitals lose millions after AI startup valuation collapses

T 7

Re: Heads should roll

Oxford has not had a lot of good luck with Information Officers:

A former chief information officer has admitted a charge of fraud after lying about having a degree, a court has heard.

Peter Knight, 53, was chief information and digital officer at Oxford University Hospitals NHS Foundation Trust from August 2016 until September 2018.

Algorithm used to predict sepsis in hundreds of US hospitals isn’t as good as maker claims — study

T 7

“A better approach for the software would be to use a model that analyses healthcare symptoms defined by health agencies, such as the US Centers for Disease Control and Prevention, rather than just relying on billing codes, it would seem.”

Amazing as it seems, as a consultant in the NHS I make diagnoses all the time without needing billing codes.

In fact I spent a long time answering exam questions about sepsis without once resorting to billing codes.

All this data is stored within our Cerner behemoth. If only we knew how to get it out clinicians might not need AI / startups and lots of money.

East London council blurts thousands of residents' email addresses in To field blunder

T 7

I work in the NHS. CC email to over 800 people including multiple external domains. DPO told me it was fine as everybody on the list had consented. I had not.

I reported it to IT. Using an internal email address. Unbeknownst to me that address belonged to a contractor. I was then accused of causing the data breach myself. By divulging my concerns to IT support.

I gave up at that point and realised as above, that nobody gives a care.

No Wiggle room: Two weeks after angry bike shop customers report mystery orders on their accounts, firm confirms payment cards delinked

T 7

I think it is rather optimistic of the hapless souls that have been charged to think that the goods will be delivered to the fraudsters. Wiggle use Hermes, which is why as a lycra-clad carbon bike riding not quite MA-MIL I left them and asked them to delete my data last year. Any fraudster relying on hermes to deliver their ill gotten wares might need to reconsider their plans.

A cautionary, Thames Watery tale on how not to look phishy: 'Click here to re-register!'

T 7

Phishy fishy FISH

I get regular emails to my nhs.uk account asking me to open the attached encrypted html file. They are genuine, from ESR, the electronic staff record people. The thing is, no matter how hard they scratch their heads, peeps cannot work out how wannacry got into the system and why people felt safe to click such emails.

If the good guys continue to engage in bad guy practice, the end user won't know which emails to trust and which not to. And I have reported at least 2 unsavoury emails to Trust IT departments that were truly bad.

That was some of the best flying I've seen to date, right up to the part where you got hacked

T 7

God forbid the pilot was female. "Basically, we're trying to give the pilot the information about what's happening internally on his aircraft in real time,"

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

T 7

Re: Connectivity ?

Maybe so on a general ward, but a very different picture on intensive care. There is a lot of data collected into ICU electronic records and I have no problem with that being done electronically. But the system should be designed from the perspective of a bad actor, not left wide open for updates over the network.

Alarm / alert fatigue is a massive issue in hospitals. One case I am aware of involved 27 people clicking through an alert about a critical missing medication.

Central notification is not all bad. ICU nursing is 1 nurse: 1 patient. But sometimes they need to help each other out with rolling patients or dealing with a deteriorating patient or checking drugs. Having alarms centrally monitored as well gives a degree of redundancy that is entirely appropriate.

It is 2018 and the NHS is still counting the cost of WannaCry. Carry the 2, + aftermath... um... £92m

T 7

Ah yes. NHS IT. Every April I get sent a 'secure message' from an external email address that asks me to open the html attachment to read the message. The thing is, it's genuine. So our IT department says - sure go ahead. Then we wonder why people open html attachments and spread malware.

<facepalm />

I want to buy a coffee with an app – how hard can it be?

T 7

I really hope you never have to use NHS IT. I mean, it's not like lives depend on it.

HTTPS crypto-shame: TV Licensing website pulled offline

T 7

The same happened with my flat managing company (Warwick Estates since you weren't asking). They were using zendesk chat and had hardcoded "http://" meaning all chat was unencrypted. They had no idea what I was talking about and it was only when I went to zendesk and got them to confirm it, they actually changed it.

Similarly, NHS jobs, until 2 weeks ago, was doing passwords and logins in the clear.

Last year I found the same with credit card details for bookatable. Again, hardcoded 'http://' on a 'back' button.

I am not even an IT professional. This kind of stuff is everywhere.

Naturally no one has ever thanked me. But I'm not in this for the praise.