Re: Push back and automate
Logon with name is nice. So is a system that remembers user name. I think it isn't a big risk - although it's another matter for e-mail addresses and spear phishing, you probably want a random number on those - otherwise it's the passwords that need to be secret. And short names are good.
Tip that I read somewhere: spam tools typically will just not send to an address that contains the term "spam", such as "robert.hates.spam" or "rc.nospam.thankyou", so if that is your actual address then you won't be bothered. It was said that they also avoid the ".mil" domain - you can see that point of view but it's quite a drastic remedy.
So anyway: are those accounts based on forenames? Maybe I have a blind spot for this, I can't think of names beginning with Boo, except for Boo Radley. And Booker T. Washington. Who is quite famous.
I am also stuck for the other names. I promise I am not trying to social engineer your hospital.
I suppose that the NHS has a lot of Gastarbeiter with names that are unfamiliar in common English, but would those workers get the joke?