This line is telling. I can assure all readers this is another reddit hoax.
First, one does not simply "Download Cerner". This is software built in essentially Visual Basic, and requires an incredible amount of tinkering with Windows to run. Oh and it's "rewritten" at least 12 times before abandoned, but somebody sold it to a customer anyway. Most hospitals "run" Cerner software via Citrix because of its immense sensitivity and finickiness. Simply renaming a folder on your desktop can break the software (if you think I'm joking, I'm not). So yeah, if you actually managed to get the software 'installed' you probably deserve a Turing award. It's not like you can download an MSI and bam, Cerner. You're going to be copying files, hex editing, reg-editing, installing/removing hundreds of Windows fixpacks, and reformatting frequently when you screw it up.
Next, Cerner software is built in thousands of [ironically named] "solutions", all decided by the LPOW (loudest person's opinion wins) or HIPPO (highest paid person's opinion wins). A bunch of processing might be done on the client, in an obscure DLL that a muppet built once and lost the source for, then some sort of passed to the server via some 15 year outdated IBM MQ series code, using a custom marshalling format some dolt invented and thousands of people have fiddled with and broken. The point being, even if you managed to get the software installed, which would be a fucking miracle in itself, even Cerner employees can't get it to talk properly. More than likely because some clown invented a new IP protocol because he didn't like TCP or something, or OpenVMS explodes when sending UTF8 and your computer won't speak whatever charset it uses without installing a custom driver written in vb.net v1.3.
So yeah, not even in the world of possibility. Arguably the most secure hospital system on the planet because it's so crappy, nobody will use it, and no sensitive information ends up in it.
Brilliant description of Cerner. You are eloquent.
But why do you dismiss it?
Is it that unbelievable to call it a fake? I'm speculating and asking you to explain to me why I am wrong.
So that an offshore tech co in Chennai is charging $9 per helpdesk ticket cannot adequately solve any of these issues. The co is basically just collecting money for punting and rewarded for delivering unhelpful appeasement answers, closing tickets early to meet revenue quotas! Then after the CIO quit the beancounter "had enough" and fired Chennai co after some incident where it took 12 tickets to install a printer driver for the CEO (and it still doesn't work).
The person who made the decision ultimately is fed up with everything, and now is just going to scratch the match, to hell with the consequences, in an impossible situation.
The head IT person is living paycheck to paycheck, everything is an IT problem, they are too busy doing ISO 27001 & HIPAA compliance meetings, but they also have a mortgage and are interviewing someplace else and just hoping to get out before it burns (without realizing or caring about the criminal consequences, like people dying).
We can't underestimate how Americans are exceptional at relying on hopes and prayers, divine intervention, believing it will be fine.
I'm a US expat living in Australia. Formerly engaged to a US nurse (pre-COVID). IMHO US healthcare is so royally screwed and this is predictably exactly what happens when ends can't be met.
No competent IT person during the modern antiwork movement is going to voluntarily sign up to work in that Cerner environment you described! So what else is the small understaffed hospital to do as the system breaks and melts down? Hospital administration is a clusterf*ck, they really don't care about anything because a US hospital is a business and each hospital must solve their own problems in increasingly complex IT situations.
The US healthcare system patient outcomes are already worst in the world for 1st world economies. Stories like this are indicators, and generally my opinion is that the US policies are unsustainable and are near a tipping point that could end in collapse.
My point is that this story doesn't seem improbable, especially in a poor state.
I speak only to Cerner's development which is "unsustainable", but... like a zombie that keeps coming back to life... here it is.
> that the US policies are unsustainable
When everyone in a country, take Sweden or your small EU country, has a national identity and culture, it's very easy to put together national services like a functioning health care system. As your culture becomes diverse, and people do not have a strong national identity, or identify primarily on racial lines, political lines, running any services seems to lead to one group thinking another group is getting favored unfairly by another group.
I don't have an answer other than what works in European countries will likely not work here :/ We're kind of on our own to figure it out.
I don't think the person writing is in IT, and people on r/sysadmin said the only way to license Cerner anymore (unless you pay a huge fee) is cloud-hosted Citrix. They probably meant "download Citrix to get to Cerner", but it was billed by IT as "Download Cerner" because the delivery mechanism isn't relevant to the nurse who has to install it.
I recall doing an internship at a hospital when I was younger and seeing how finicky Cerner was to administrate. No thanks. Wouldn’t go near that regardless of pay. What a terrible piece of software.
If you are an attacker, all that is necessary is to compromise one device. Super easy by comparison to a locked-down corporate device, and you are off to the races.
All a vengeful IT staff member has to do is name and shame the hospital. It would be a sign screaming "attack me." It would probably be as easy as leaving some flash drives in the parking lot.
It’s genuinely stunning that we’ve found — on the internet — a scenario of actual potential HIPPA violations (as opposed to scenarios made up by mentally ill politicians to avoid answering questions, and ceaselessly parroted by their followers). But, yes, the time has come. Amazing.
HIPAA (not HIPPA) violations are common. Not all mandatory reports get made and even then ~2 of the largest >=500 class violations are reported each day totaling hundreds of millions of records per year.
I spent ~10 years in healthcare IT infrastructure (mostly server and network) at various places. Even the well-funded ones with competent management and established IT have occasional breaches. And a lot of healthcare places don't have either of those things.
The original post should go to /r/whatcouldgowrong :-(
How is this anywhere close to legal?
(Not the layoff but the BYOD policy for accessing sensitive patient data).