Information security in health care – four critical errors