In article <[log in to unmask]>, Andrew Herd
<[log in to unmask]> writes
>This subject came up a while ago, and I have to say that at the time I
>didn't put much emphasis on it, but I challenged someone to prove to me that
>it could be done the other day and he just laid on a demonstration that I
>couldn't argue with at all.
>
>Anyone here got an opinion about how hard it is to hack x400 addresses? It
>seems to me that this could be a vulnerable area for NHSnet, in the era of
>the electronic patient record. In other words, it seems possible that
>someone could impersonate another account holder for the purposes of
>obtaining clinical or other data.
>
>Opinions?
I thought this was one of the advantages of the NHSnet (no ideas on
other X400 networks). Either you have one of those hard auhentication
cards (changes numbers every minute .. we've got one.. ) or you're on
an MTA - and the NHSnet recognises the *site* strong authentication.
I'm sure that, *given access to the apropriate information* , it would
be possible to obtain information.. as it always was... ;-<
Opinion : we need *encryption* - and agreement on who should be able to
access what information for which patients.....
Mary
Mary Hawking Kingsbury Court Surgery Church Street Dunstable LU5 4RS
tel:01582 663218 (surgery)fax:01582 476488 (surgery)
Member of British Healthcare Internet Association
Dunstable and Houghton Regis Locality Commisssioning Pilot
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|