| It's
relatively easy in most e-mail programs to pretend you're someone
else, to the extent that this type of subterfuge has now progressed
to fraud and bullying.
We have all
probably received those e-mails asking us to verify our account
details with our bank.
Unwitting participants in this fraud have had their bank accounts
drained, and collectively, this has amounted to millions of dollars.
Most of us
would still be receiving the Nigerian scam letter asking for assistance
to transfer a large sum of money for a fabulous $ commission (your
Internet banking details required first of course).
It is hard to see people falling for this, but it evidently still
occurs.
Bullying occurs
in a number of ways.
Recently,
a UK Internet operator had a business website which contained
anti-spam software, to filter out mail houses relaying spam.
He had his livelihood destroyed, when a fake e-mail, allegedly
sent by his organisation, was circulated as a spam mailing.
Fileservers around the world automatically blocked his domain,
and his income plummeted.
Another method,
commonly employed by porn site operators, is to circulate their
unwanted material using the e-mail addresses attached to anti-porn
websites.
The victims have their communications disrupted by anti-spam software,
but the porn operators get their message out a number of times
before a block is enforced.
Recently,
a Sydney Jewish school had their site hacked by an anti-Semitic
group, with the result that government agencies began receiving
false e-mails, accusing them of bringing down the site.
More worrying are the cases where e-mails have been sent to anti-paedophilia
groups, accusing them of being involved in the very acts they
are opposed to.
In the UK, on three separate occasions, British men had their
faces splashed across TV, until it was realised that they had
been set up.
Even though
government departments and agencies, as well as major corporates,
have strict protocols on the use of their e-mail systems, there
is still potential for misuse.
The digital
footprints generated by illegal e-mails can be traced, but it
requires some expertise to unravel sufficient evidence to present
to a court of law. With the current epidemic of spam, local investigative
resources would be overwhelmed. Large volumes of spam have recently
affected Telstra Big Pond Internet service, where the system simply
stopped because of the sheer weight of numbers. Telstra initially
would not admit to the problem, and we had the flow-on where e-mails
were lost totally, or not delivered on time, causing major disruption
to a range of businesses.
Telstra lost a lot of business over this particular problem, even
having to refund some of its clients
The current
Australian legislation, in the form of the anti-spam bill before
the Senate, is seen to be a token only.
Criticised by various experts, it seen by them as being doomed
to fail, because it does not support standards to create a secure
digital framework. It is simply developing policies around spam,
which will not prevent it from happening.
Now, given
the climate in which this inadequate legislation is being produced,
plus the daily epidemic of virus and spam, how long will it be
before health systems will be penetrated and disrupted?
This has already happened to the NSW Health e-mail system within
hospitals, with valuable IT personnel being pinned down for up
to two weeks trying to eliminate two viruses, and hospital employees
becoming frustrated, because their system was down for the same
period of two weeks.
Penetration of a major electronic health system has the potential
to be life threatening (if information is altered or omitted)
and to cause loss of consumer confidence (if spurious information
is circulated about the character of individual health professionals).
Privacy can be breached inadvertently through virus infection.
Already we
have seen the "Bugbear" virus being initially able to
penetrate most of the popular anti-virus software and then setting
about corrupting the e-mail address book to forward documents
that you thought were safely stored on your desktop (to adresses
not entitled to have that information).
What if a new super-virus is developed to do the same thing, but
much better, and you find that your medication reviews and care
plans are circulated and recirculated, to e-mail clients around
the globe?
Accompanied with the virus attached, it would keep on infecting
until eventually eliminated by a new anti-virus protection, but
possibly too late to prevent privacy and legal damage.
Even electronic
prescriptions will be at risk when they eventuate through PBS
Direct, sometime after 2005.
Although government health systems will have encryption to protect
the information, some experts are saying that the standards are
compromised, even before they are launched (insufficient key strength,
key circulated from a central point giving access to others, plus
new, and more powerful number-crunching computers available for
hacking).
Local Divisions
of General Practice have been consulting with a number of security
experts before committing to a system.
The advice received to date is not to be part of a major network
i.e. to keep any communications network limited and local.
The reality
is that commercial e-mail is usually generated between a small,
but select group of people.
In the case of a pharmacy, it would be between local doctors,
nursing homes, hospitals, HIC, other pharmacists and perhaps accountant,
solicitor and stockbroker.
In other words, the total number of recipients for your communications
could be contained in a relatively small address book.
For business purposes, the primary electronic communication system
should not be connected to the rest of the world, and it should
not be e-mail.
E-mail should be reserved for other communication and should be
a secondary system.
Just think about it.
E-mail has
to be propped up with a number of supportive systems, which adds
to system costs considerably.
We have the first line support as anti-virus software (without
e-mail we would not have the need for this software), the second
support system is the mail filter or "washer".
This is so you can tag spam or other unwanted e-mails and at least
edit them before you have to download from the fileserver.
Now we see Microsoft adding a security program (Smart Screen)
to protect the Microsoft Operating environment.
The first module is aimed at spam, while future modules will look
at ways to prop up corporate networks.
And so it
goes on.
E-mail, despite its popularity, is on the road to redundancy.
It's a bit
like a doctor prescribing a drug that needs a range of additional
drugs to control the side-effects of the primary drug. Eventually,
you need a full medication review which may resolve the problem
by suggesting a better choice of primary drug.
This analogy
should not be lost on pharmacists, and I am trialling a piece
of software which may provide the answer to most of the problems
above.
It is an Internet document exchange, and while it has physical
similarity to e-mail, it is definitely not e-mail.
It uses a high level of encryption, and once encrypted, a document
cannot be altered.
The system also provides document registration, which means it
can be accepted as evidence in a Court of Law (e-mail cannot,
because of the problems already noted).
The private key is generated on your own desktop, offering absolute
security.
The software is designed to act as a virtual private network among
a certified group of users, therefore it satisfies the criteria
of being able to create a small, local network, with a high degree
of security.
All documents and files can be accepted, and be in any format
(including HL7).
What is received in the system is delivered at the other end,
so already it has the technology to provide a seamless connection
between two unrelated systems e.g. a script writing system and
a dispensing system.
Spam is unable to enter the system, and even if a rogue member
of the system wished to abuse the privilege, global sending of
messages and documents can only be done with permission by the
system administrator.
Otherwise, it is just one-on-one.
There are
many other features involving storage and searching of documents,
also the ability to manage internal communications using shared
keys. A shared key is a key that can be given to a trusted employee
to assist you in your communications management.
Documents sent or received using a shared key can be viewed by
a proprietor/manager, but the employee cannot see documents generated
by the proprietor/manager.
While this
system may be a little in advance of current requirements, pharmacists
should be looking towards securing all their internal communications
and looking to eliminate the fax machine completely (it is now
"old technology").
A whole new line of activity, termed "Information Management"
(IM) is about to cause more activity in pharmacy. Coupled with
Information Management is Security Management, and your business
will require a security audit.
Better now than after the first attack.
Concern should exist, because this is extra work.
But get the right IM system in place, and communication begins
to work for you.
The right system should have the capacity to reduce total workload,
save on costs, and interface with as many other IT systems as
is possible.
This will take time, but it is worth investigating now so that
you have sufficient information to base future Information Management
decisions on.
Anyone interested
in the document exchange software should contact admin@computachem.com.au
for information.
Have
a Merry Christmas and a Happy New Year
 ...Peter
Sayers
|
.jpg)
