Suppose a miscreant manages to capture the password of a physician in a hospital that is part of a large integrated delivery network (IDN) that shares identity assertions across all hospitals and clinics. Knowing that the IDN typically uses lastname_first-initial as user identifiers, the miscreant then remotely logs into the EHR system using the physician's user ID and captured password. Discuss implications of this authentication failure on the access-control mechanism, audit trail, and secure e-mail application in place.