- Recent policy changes in the healthcare industry are putting pressure on health network security. Once considered a luxury, secure, fast, and reliable wireless networks are now vital to every healthcare organization. Patient portals, cloud servers, and medical equipment reliant on the Internet of Things (IoT) cannot function without a wireless network capable of handling such a demanding environment.
Wireless networks act as the life-blood of any organization and healthcare is no exception. What makes healthcare networks an even more challenging deployment are restrictions and rules regarding electronic health data and health data privacy and security rules (e.g., HIPAA). For health IT infrastructure, common threats to wireless local area networks (WLANs) need to be taken seriously. Failure of a wireless network while medical devices are in use would not only delay important work, but it would put lives in danger.
Because the scale of upgrading an entire wireless network is so large, it’s often the last project any organization wants to fund. Replacing dated endpoint devices can be a short-term fix, but without the latest wireless standard, 802.11ac, new hardware won’t function at peak capability. Like laying tracks before sending the train, the latest hardware and medical equipment can’t be properly utilized if the network isn’t functioning to its highest capacity.
According to an AHIMA survey, one of the biggest concerns healthcare organizations have about WLANs is: Are they as secure as a wired network? Because of the evolution of wireless networks the answer is yes; however, there are different threats that need to be managed and monitored.
Upgrading a wireless network is much more than purchasing new access points (APs) and placing them at intervals to cover the entire facility. These are centrally controlled systems that need to be managed by a dedicated IT department. Different users will need different access, especially since guest use is becoming a common practice for most medical organizations.
Since there is no longer a physical link needed to establish a connection, signals can be reached from anywhere in the coverage zone. While this is great for authorized users, the signal can sometimes reach further than intended allowing outsiders to detect the network. The AHIMA survey outlines some of the common threats that can affect WLANs in healthcare:
- Denial of service (DoS): An event that prevents users from accessing the network. DoS attacks do not always target WLANs, but being the most easily accessible part of the IT infrastructure to reach from the outside makes WLANs susceptible to DoS attacks.
- WLAN scanning and monitoring: Attackers will scan for WLANS to learn their service set identifiers (SSIDs) and use that information to access rogue APs through an ad hoc connection. Through this connection user information and authentication procedures can be collected and used to access secure servers.
- Rogue or unauthorized APs: Access can be gained through open entry points which can include unapproved or unsecured devices accessing the network. Often this occurs when devices or equipment, like wireless printers, are not configured correctly.
- Misconfigured APs: More advanced APs offer in-depth configuration options that need to be customized for each organization. Healthcare organizations are especially susceptible to this kind of attack because of the configurations needed to differentiate between employee access and guest access. APs that are left on factory default settings or misconfigured can be vulnerable to attack.
- Endpoint attacks: Access can be gained through endpoint devices as well as Wi-Fi drivers in computers and medical devices that don’t have the latest patches installed.
- WLAN malware: Medical devices with outdated operating systems are particularly vulnerable when it comes to malware because they typically aren’t updated or reconfigured often enough. Malicious malware can also be implemented through mobile devices.
Considering these potential vulnerabilities, deciding when an institution should upgrade their wireless network is just as important as understanding why covering all the wireless network security bases will severely decrease the risk of these attacks. Large-scale deployment is a huge undertaking, but it is necessary in order to move forward with all present and future medical technology.
Preventing these kinds of attacks and vulnerabilities starts with educating employees about secure networks and how to access them and ends with deploying the most secure wireless network possible. These actions along with dedicated IT professionals, propor monitoring tools, and up-to-date security will ensure employees and patients are getting the latest and most secure access everyday.