There are many health-oriented companies and products I can think of that are managed by over-networked systems and could risk immense public safety. First off, EHR systems like Epic are a great example of systems that could risk immense public safety if they were to be hacked. EHR systems contain essentially all data related to an individual’s health, including their medications, treatment plans, allergies, immunization dates, health conditions and diagnoses, personal and family medical history, radiology images, laboratory and test results, etc. It is important to have EHR systems like Epic in order to have a centralized database of a patient’s health and healthcare information that can be updated immediately, provide an entire, whole picture of someone’s health and healthcare, and can be easily accessible and shared between various doctors and health systems in order to more easily coordinate efficient care for the patient. Without EHRs, doctors would spend a lot more time (and money) recording and tracking down a patient’s health-related information and patients would not receive care as quickly due to health documents having to be scanned/faxed to different doctors for instance. Therefore, I think that a patient’s health information should be digitized and located in a central, digital location online, but I think it is extremely vital to the patient’s safety and privacy to guard this information and this centralized hub of patient data. For instance, if someone were to hack into an EHR system, they could have access to any individual’s health information and then use that to blackmail them/get money from them or to inform the individual’s employer or insurance provider of a health condition the individual has. This could lead to the employer firing the individual and/or the individual’s insurance provider to not offer them insurance any longer or to raise their insurance rates. The person could also potentially change the individual’s health data in the EHR system and mess with the person’s medications/treatment plan in a way that could harm the health of the patient. Another similar company/product that would risk public safety if it were to be hacked would be genetic testing platforms like Ancestry.com or 23andMe. These companies have access to people’s unique, identifiable genetic data that could also be hacked into and used as blackmail or given to an individual’s employer, insurance provider, or even a police department. These platforms, for these reasons, should also be heavily guarded to ensure people’s genetic data is safe, kept private, and only used for the intended purposes.
Without Sara’s input and the CEO’s acknowledgement of her input, the company would have continued to spend money on more digital solutions like intrusion-monitoring/security systems creating an even more over-networked system of valuable information, the consultant never would have been hired and the four pathways into the company’s network would not have been identified, and the idea to add trusted humans and take some info/data offline would never have been seriously considered and potentially implemented. Without the woman speaking up, further ransomware attacks may have occurred leading to more money and data loss and a public health catastrophe also may have occurred as a result of a hacker messing with their control systems. Sara challenged the hierarchical assumption that she shouldn’t speak up over her COO boss in a company meeting. She also challenged the technical assumption that only people directly involved in the technical components of the company should be able to speak up about possible solutions to reorganize and protect the technical infrastructure of the company. It was important that Sara challenged these assumptions so that Chad and the rest of the company could think about a solution they hadn’t seriously considered and to more generally get people think differently about and take a step back from the overarching problem.
