Minimal social engineering plus a weak network security infrastructure is a disaster waiting to happen for any major medical facility.
You forgot to mention probable political infighting. And maybe inexperienced leadership. My favorite snippet from the article is: Dr. John Halamka, the former emergency-room physician who runs Beth Israel Deaconess Medical Center's gigantic computer network. Is a physician, after years of medical school, internship, residency, etc. the right person to be in charge of a "gigantic" computer network? Are arteries and veins the equivalent of fiber and CAT-5? I'd love to be the Cisco rep selling $3 million of new network equipment to this guy. What is the probability that he as ANY idea what "spanning tree protocol" means?
Just a data point here, most hospital networks and it departments are headed by Doctor's. They have to sign off on everything from equipment selection, platform changes everything. Some have a clew but admittedly its no more than a self taught clew of the very basics from having 3 servers at home that their kids use to game. Others have even less. I've personally had to explain to heads of medical networks that their servic plan is invalid if they continue to install quake servers on the image archive system. <Hey it was one of the few oc12 connected servers makes sense right?> Hospital networks are really frightening and there is no best practices in place for the most part. There are a few exceptions but in general its unbelievable. ----- Original Message ----- From: "Bohdan Tashchuk" <tashchuk@easystreet.com> To: <nanog@merit.edu> Sent: Wednesday, November 27, 2002 4:39 PM Subject: Re: Spanning tree melt down ?
Minimal social engineering plus a weak network security infrastructure is a disaster waiting to happen for any major medical facility.
You forgot to mention probable political infighting. And maybe inexperienced leadership. My favorite snippet from the article is:
Dr. John Halamka, the former emergency-room physician who runs Beth Israel Deaconess Medical Center's gigantic computer network.
Is a physician, after years of medical school, internship, residency, etc. the right person to be in charge of a "gigantic" computer network? Are arteries and veins the equivalent of fiber and CAT-5?
I'd love to be the Cisco rep selling $3 million of new network equipment to this guy. What is the probability that he as ANY idea what "spanning tree protocol" means?
Thus spake "Scott Granados" <scott@wworks.net>
Just a data point here, most hospital networks and it departments are headed by Doctor's.
In insurance companies, the networks are run by claims adjusters. In banks, they're run by loan officers. And in airlines, they're run by unionized pilots. It's not that the companies even avoid hiring competent people for the jobs -- it's that competent people refuse to work in such environments.
Hospital networks are really frightening and there is no best practices in place for the most part. There are a few exceptions but in general its unbelievable.
The part I find most amusing is how every industry is obsessed with the idea they're different from every other industry... "Sure, you sell an email program, but how many *hospitals* or *banks* have you sold your email program to?" Large bureaucracies' primary goal seems to be imitating the bureaucracies at their competitors. "Well, what does the WAN at other oil companies look like? We want that, forget if it meets our needs." S
On Wed, 27 Nov 2002, Bohdan Tashchuk wrote:
Dr. John Halamka, the former emergency-room physician who runs Beth Israel Deaconess Medical Center's gigantic computer network.
Is a physician, after years of medical school, internship, residency, etc. the right person to be in charge of a "gigantic" computer network? Are arteries and veins the equivalent of fiber and CAT-5?
Do a Google search on John Halamka. http://www.hms.harvard.edu/office/halamka.html I suspect he knows more about networks than several posters on this topic. Nevertheless, it does show that "stuff happens." I am a bit surprised it took three days to fix things, but it wouldn't be unprecedented. Learning how to diagnose problems is hard for both doctors and engineers. Even more difficult is teaching people how to design networks for failures. Unfortunately, many high availability designs make it more difficult to diagnose and fix problems. Sometimes you are better off with a simplier design which fails in simple ways.
participants (4)
-
Bohdan Tashchuk
-
Scott Granados
-
Sean Donelan
-
Stephen Sprunk