Quote:
Originally Posted by psicodude
Because it's difficult and expensive. Medicentre has 16 locations (AFAIK) and probably over 100 staff. Building an application to support that sort of scale takes a lot of time and probably more than $1 mill. My guess is that their executives weighed the importance of keeping this sort of data confidential versus the cost and decided to take the risk. It happens every day in private industry (Sony, for example).
Besides, just because it's "on a server" doesn't mean it's a whole lot more secure.
The server doesn't walk away that easily, but you are right, the attack surface is likely almost as large on the whole. The simple solution is to build a good backend with a web interface and a solid VPN connection to each location.
The main issue I have is to have such data on a laptop and not use at least *some* type of encryption. It is reckless, plain and simple.