More and more hospital visitors are expecting guest access to healthcare wireless networks, so healthcare organizations need to plan accordingly.
In a recent survey of healthcare IT trends, 77 percent of respondents stated their wireless network was being used for guest access. Guest access was the most popular wireless use for respondents followed by clinical communications (66%), medical records (55%), and medical devices (52%).
The majority of healthcare institutions offer some kind of access for guests, but an improperly deployed and managed guest network presents serious security risks.
Anyone in proximity of the guest network can log in, including hackers looking to access sensitive health data. Some guests may unintentionally put an organization’s network at risk by accessing the Wi-Fi with a compromised device. To avoid this type of unauthorized access, healthcare organizations must work to separate guest networks from the private operational network.
Having employees and guests accessing the network with the same credentials is a challenge for IT departments to manage, especially if electronic health data is not contained or organized beyond a basic software-as-a-service (SaaS) platform.
Barriers and guest login walls also serve IT by tracking IP addresses so people who live near a healthcare organization can’t take advantage of the free guest Wi-Fi and take up bandwidth meant for patients and guests.
Deploying a guest network does not require setting up an entirely new wireless network infrastructure or purchasing additional access points. It also does not require guests to download anything or configure their devices for network access.
Guest networks often require different access levels as well. Contractors, consultants, and other outside workers coming into a healthcare organization need access to printers, applications, and files. Contractor access requires restrictions, especially if the contractor doesn’t have the clearance level to view certain information.
Establishing a separate guest network will accommodate outside workers using the secure healthcare network and guests accessing just the internet.
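One way to check the separation described above, as an added example that is not from the original article: a conservative audit of a first-match firewall rule list, confirming that guests reach no internal subnet and contractors reach only the printers. The subnets, tier names and rules are constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per access tier or resource.
SUBNETS = {
    "guest": ipaddress.ip_network("10.50.0.0/22"),
    "contractor": ipaddress.ip_network("10.60.0.0/24"),
    "clinical": ipaddress.ip_network("10.10.0.0/16"),
    "printers": ipaddress.ip_network("10.20.5.0/24"),
}
INTERNAL = ("clinical", "printers")
# Internal resources each tier may reach: guests none, contractors printers only.
POLICY = {"guest": set(), "contractor": {"printers"}}

# Constructed first-match rules: (action, source, destination).
RULES = [
    ("allow", "10.60.0.0/24", "10.20.5.0/24"),  # contractors -> printers
    ("deny", "10.60.0.0/24", "10.0.0.0/8"),     # contractors -> other internal
    ("deny", "10.50.0.0/22", "10.0.0.0/8"),     # guests -> anything internal
    ("allow", "10.50.0.0/22", "0.0.0.0/0"),     # guests -> internet
    ("allow", "10.60.0.0/24", "0.0.0.0/0"),     # contractors -> internet
]
# Same rules with the guest internet allow moved to the top (misordered).
RULES_MISORDERED = [RULES[3]] + RULES[:3] + RULES[4:]


def violations(rules, subnets=SUBNETS, policy=POLICY):
    """Return (tier, resource, rule_index) for each allow rule that may let a
    tier reach an internal resource outside its policy. Conservative: an
    overlapping allow is flagged unless an earlier deny covers the whole pair."""
    found = []
    for tier, allowed in policy.items():
        for name in INTERNAL:
            if name in allowed:
                continue
            src_net, dst_net = subnets[tier], subnets[name]
            for idx, (action, src, dst) in enumerate(rules):
                src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
                if action == "deny" and src_net.subnet_of(src) and dst_net.subnet_of(dst):
                    break  # pair fully blocked before any allow can match
                if action == "allow" and src_net.overlaps(src) and dst_net.overlaps(dst):
                    found.append((tier, name, idx))
                    break
    return found


if __name__ == "__main__":
    print("ordered rules:", violations(RULES))
    print("misordered rules:", violations(RULES_MISORDERED))
```

With the misordered list, the broad guest internet rule matches first and is reported against both internal subnets, which is the failure the audit is meant to catch.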
If an institution embraces patient apps, it must modify its guest networks as a result. Patients will need to log into these apps when visiting their doctor and be able to do so securely.
Tunneling or encapsulating the guest traffic accessing the internet through an organization’s access points can help segment and secure a healthcare network. Tunneling wraps the connection and protects the network from the public internet.
Although guests aren’t accessing the network at the same level as the organization’s workers, they are using the same bandwidth, which can cause disruptions in service for medical professionals, especially if guests are streaming media or downloading files.
Dual-band access points, especially those supporting the latest IEEE standard, 802.11ac, can be split in order to segregate the bandwidth used by employees from the bandwidth available to guests. The wider channels provided by 802.11ac access points give each segregated access type more bandwidth, so more guests can stream at the same time without slowing each other down.
Typically, guest networks have user policy management options as well. Users are required to agree to terms of service and may be asked to enter a readily available password to be granted access. IT can set certain restrictions — e.g., the network can only be accessed from a certain location — to prevent remote hackers from getting through the validation process.
Setting time restrictions also prevents access from outside the building once the guest has departed. While it is unpopular, implementing paid access is possible using a WLAN controller via the login portal. Only 5 percent of the aforementioned survey respondents reported requiring payment for guest access to their network.
Implementing a successful and secure guest network requires much more than enabling a feature on an access point. Healthcare IT departments need to consider the kinds of guests potentially accessing the network and take measures to ensure that only an organization’s guests are able to use it.