Steven P
October 30, 2024

I worked as a general IT guy for a behavioral health/addiction clinic. I started as a consultant but finally moved to part-time on call worker so I could be protected by their liability insurance rather than having to cover myself. Plus I was worried if there was a breach I would be inside the corporate wall rather than outside.

I had big problems with vendors. The first EMR company we had, I broke down and yelled at them for the first time in my career. I saw a note asking the receptionist to gather up everyone’s password so the vendor could update their client software. When I told them that was a violation of basic network security nevermind HIPAA regulations, they said “well it’s just easier that way”. I told my boss and I finally decided to quit when I realized the clinic needed that software more than they needed me. I wasn’t around enough to keep tabs on them and I didn’t want to deal with any fallout from their shoddy security practices. Other vendors were either asking to install software on our network or open ports in the firewall so they could remotely access their devices.

That was a small practice without even a full time IT person, these big companies that can afford good cybersecurity teams and equipment have no excuse.