Thread: Ack - security and T's computer system!
View Single Post
 
Old Sep 06, 2018, 09:15 PM
guilloche guilloche is offline
Magnate
  
Member Since: Jun 2014
Location: US
Posts: 2,734
I'm kind of worrying here, and wondering if I could get some advice/perspectives... especially those of you that are fairly tech savvy.

I met with a new T this week to talk about doing neurofeedback (she'd just be doing neurofeedback, I would still see my regular T for actual therapy).

It looks interesting, so I have an appointment for Monday morning to do the brain map (where they check out how your brain is currently functioning, before figuring out how to train it). I'm nervous, but also hopeful and excited.

Before I can do that though, I have to fill out a bunch of forms online - health and mental health information. Things like symptoms (so they can determine whether your symptoms are a result of the neuro-stuff)...

That's all fine... so far. Except... she sent me a link to their website, told me to login with my email address, and sent me the password in the email. A four-digit password.

I expected that I could change the password on the site... because seriously, she SENT THE PASSWORD VIA EMAIL (not encrypted, not secure!), and it's a FOUR DIGIT password (e.g. "1234") which would be ridiculously easy for someone to crack (4 digits = 10,000 possible combinations. That's it. That's not a lot!) On top of that, this is health/mental health information, and I'm in the US (I think, but am not sure HIPPA might play into how health info is stored).

There was no place to change the PW. *sigh*. OK, so I emailed her. A fairly friendly, light email asking her if there was a way to change the PW, because I couldn't find it... and it seemed like such an obvious thing that you should be able to do.

She just replied. And said nope, but not to worry! It's totally secure! They have over 500 people using it, and her husband works at a company that does "identity management".

Errr... I do not feel reassured.

I know, I'm difficult. I know, I'm making this hard. But, seriously... it's health information! And she sent the 4-digit password to me in EMAIL.

What would you do? I've been struggling to find anyone competent locally who can do neurofeedback, and she seems to be the best option.

I don't know... it doesn't feel secure. I think my only other option is to ask her if I can speak to her for a minute on the phone, and see if she can manually reset the password to something a bit better, over the phone (rather than in email, which again, is so not secure!)

Should I treat this as a huge red flag and totally bail? The appointment is Monday, and... shoot. I think I need to give 24 hours to cancel, which would mean (in business days) tomorrow (Friday) morning...

I don't know what else to do...
Reply With QuoteReply With Quote
Hugs from:
Anonymous56789, atisketatasket