It feels like the places where security is of utmost importance like in banking, security cards or health are the worst at doing it.
At least, the lack of security of credit cards is understandable as banks are profiting from fraud by charging the victim a fee.
In health? This must stop. It's a failure of regulatory bodies as they throw so many junk policies around that the things that really require attention are just overlooked. The overabundance of paperwork and policies is not improving security, it's keeping away actors that could do way better.
There is the complicating factor that in health, safety can be more important than security: to keep a patient alive in an acute emergency, it is imperative that the doctor can see their data right now, while the fact that third parties can later see the data doesn’t matter too much. The problem is that people tend to use the first aspect as a cheap excuse to do nothing about the second one.
They focus on visible security more than actually securing things. Example: making it very hard for a user to log into a system “because of security” but not using security certificates to secure their email servers.