This morning, I went to the doctor for a scheduled appointment. While she was looking at the results of blood tests from two years ago on the screen (and suggested repeating them for a follow-up), I realized she was using Windows 11. A detail came to mind. The doctor is extremely polite and friendly, so I asked her, "How do you handle the feature called Recall?" The doctor was taken aback and had no idea what I was talking about. I was about to drop the conversation, but she, being a serious professional, immediately called the technicians who manage their PCs to ask for clarification. They downplayed it, saying it's not an issue and that it's a feature "on all PCs, so we can't do anything about it." She started to express that she didn’t like it and wanted it deactivated. No luck: they won’t proceed because, according to them, even deactivating it is "a hack that could compromise future updates." She’s furious and will talk to her colleagues and the decision-makers. She wants secure systems because "there’s patient data involved."
In reality, patient data is stored on servers (which I haven't investigated), but everything that appears on the screen is, in my opinion, at risk.
I’ve offered to help them find a solution—because, if I'm right, all they need is LibreOffice and a browser. In that case, I’ll suggest one of the *BSD or Linux systems and do it for free.
I don’t want to make money off my doctor. I just want patient data to be (sufficiently) secure.
@[email protected] Recall is not released yet. Only Windows Insider with a Dev Build can test it at the moment. Recall is completely offline and needs a special NPU chip to work. And on top of that, you can deactivate Recall in the settings. I tested it. So this doctor does not have Recall on the PC and nothing is collecting any data.
@[email protected] How about
C:\Windows\System32>Dism /Online /Disable-Feature /Featurename:Recall
? It's not productive on a European PC, so I can't try that, just read about it and wrote it down for some moment
@[email protected] I don't know - I'm not managing that PC and don't want to mess with someone else's work 🙂
But, if possible, I'd get rid of Windows there 😆
@[email protected] how do you recognize Win11? I haven't even seen screenshots, and the last Windows I honestly touched was ME, with some glances at Win... 7? from my ex.
@[email protected] I agree. The problem isn't the doctor, here. The problem is that the (small) shop that is providing and maintaining those PCs is treating them as a normal, home installation.
@stefano Weird. Isn't it clear to the clinic that they're also bound to follow a guide to good practice for information security in handling personal health data? Haven't they heard about the GDPR?
What's worse, don't they realize that their insurance company will have a clause in the contract to screw them over if they mess up like this? @release_candidate
@[email protected] Recall is still a preview feature in the Insider build and it requires compatible hardware. Also, it is disabled on enterprise installs.
@[email protected] the doctor's PC isn't an enterprise installation, but a normal Windows installation, on a normal PC. GPs aren't a part of enterprise systems, here.
@[email protected] it is concerning, and in this context, of course you'd want it to be force-disabled centrally.
Still, if I understand well how Microsoft implemented it, she should still be able to at least disable it through the normal system settings window, on her machine, without any intervention from them.
I work for an ambulance service and asked our higher-up managers about this. I was initially fobbed off with "that won't be an issue because Microsoft won't enable it." When I pushed and said what if, I was told it wouldn't happen, because Microsoft has withdrawn it. When I pushed one last time and suggested a Linux or other OSS alternative would resolve the issue, the head of IT security said "the NHS doesn't like Open Source because it could be hiding malicious code" 🤦🏻‍♂️
@[email protected] @[email protected] This is unfortunately a very common problem. I also often hear that open source is less secure because "everyone can see how it's made." Fortunately, when I explain that security through obscurity has limited effectiveness, many agree.
@[email protected] @[email protected]
I understand that point of view, but to think that OSS is "hiding" malware just blew my mind coming from a tech security manager.
Worked in software for 20 years, open source for most of it, but for the last 10 years of my career I did medical software.
If you're in the US... There is no way "LibreOffice and a browser" fulfills regulations around electronic medical records, unless you're saying their EMR system is web based and they just need a client.
@[email protected] My spouse has patient data on her managed computer and it is a real hassle. I don't know why Microsoft hasn't already been sued for HIPAA violations.
@[email protected] Having worked with the IT side of healthcare for years, this is probably a bit of an oversimplification.
If your doctor thinks they are a techy person and just installed their own machines, then they aren't following compliance rules anyway and are suspect.
Few doctors will risk this. Every doctor and dentist I've ever been in pays for managed support, with someone specializing in healthcare rules. This includes things like GPOs to disable harmful features like this.
@[email protected] I'm sure they have some type of endpoint management software. If not Active Directory, then Intune or Ivanti, or something else. You just can't manage large networks without some management suite.
Often, Microsoft give enterprises options that they don't give to consumers.
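An added audit script (mine, not something posted in the thread) that ties together the two mitigations mentioned above: the DISM feature removal from the earlier reply and the centrally pushed policy that the managed-support replies refer to. It reports the Recall optional-feature state and whether the policy is set; the registry path and the DisableAIDataAnalysis value name are assumed from Microsoft's Group Policy documentation for "Turn off saving snapshots for Windows", not from this thread. Run in an elevated PowerShell.

```powershell
# Audit (and optionally disable) Windows Recall on the local machine.
# Policy key/value name below is an assumption taken from Microsoft's policy
# documentation, not from the thread.
$RecallPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$RecallPolicyName = 'DisableAIDataAnalysis'

function Get-RecallStatus {
    # Same optional feature the DISM command upthread targets.
    # Returns $null on builds that do not ship the feature at all.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Recall -ErrorAction SilentlyContinue

    # Policy "Turn off saving snapshots for Windows" (value 1 = snapshots off).
    $policy = Get-ItemProperty -Path $RecallPolicyPath -Name $RecallPolicyName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        FeaturePresent = [bool]$feature
        FeatureState   = if ($feature) { $feature.State.ToString() } else { 'NotAvailable' }
        PolicyDisabled = [bool]($policy -and $policy.$RecallPolicyName -eq 1)
    }
}

function Disable-RecallLocally {
    # With -ReportOnly nothing is changed; the function just says what it would do.
    param([switch]$ReportOnly)
    $status = Get-RecallStatus

    if ($status.FeaturePresent -and $status.FeatureState -eq 'Enabled') {
        if ($ReportOnly) { Write-Output 'Would run: Disable-WindowsOptionalFeature -Online -FeatureName Recall' }
        else {
            # Equivalent to: Dism /Online /Disable-Feature /Featurename:Recall
            Disable-WindowsOptionalFeature -Online -FeatureName Recall -NoRestart | Out-Null
        }
    }

    if (-not $status.PolicyDisabled) {
        if ($ReportOnly) { Write-Output "Would set $RecallPolicyPath\$RecallPolicyName = 1" }
        else {
            # Policy keeps the feature off even if a later update re-provisions it.
            New-Item -Path $RecallPolicyPath -Force | Out-Null
            Set-ItemProperty -Path $RecallPolicyPath -Name $RecallPolicyName -Value 1 -Type DWord
        }
    }

    Get-RecallStatus   # re-read so the caller sees the resulting state
}

Get-RecallStatus | Format-List
```

On a managed estate the same registry value is what a GPO or Intune configuration profile would deliver; the script is useful mainly to verify that such a policy actually landed on a given PC.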