Wireless LAN (WLAN) security is a necessity in healthcare, where confidential patient and medical information traverses the airwaves in a constant flow. And for Tuality Healthcare, which runs two acute-care hospitals and offers outpatient, specialty, health education and other services, tight control over the wireless network was really a life-or-death matter.
According to Chris Herrin, Tuality's network services manager, patient protection is at the top of the company's list of priorities. But at a time when rogue devices and network hijackers can compromise the network, security guards and other physical security options can't do the trick alone.
"You not only have to take care of just the physical security," Herrin said. "You have to have comfort and confidence that patient information doesn't fall into the wrong hands."
If networked patient information were compromised, he said, patient files could be altered. As a result, patients could receive the wrong treatment or the wrong medication and, in very extreme circumstances, they could die.
Recently, Tuality deployed Network Chemistry's RFprotect suite of security solutions -- including RFprotect Scanner, RFprotect Mobile and RFprotect Distributed -- to secure the network, wireless infrastructure and a host of new applications. The deployment started at Tuality's largest hospital, but there are plans in place to expand it throughout the main campus.
Herrin said Tuality was initially looking for a solution to protect against rogue devices. As part of his criteria, the tools had to be easy to deploy and had to cover the entire network to prevent exposure of confidential data and critical assets. Rogue devices such as unauthorized access points, unmanaged servers and rogue peers -- typically a laptop with wired and wireless interfaces and bridging enabled -- hadn't presented a problem for Tuality in the past, Herrin said, but he wasn't going to risk any possible exposure.
The addition of a new clinical information system, which features point-of-care and other applications to boost employee productivity and patient care, also required a secure wireless infrastructure. RFprotect Distributed, a wireless monitoring and intrusion prevention system, and RFprotect Mobile, a portable laptop-based analyzer for automating site surveys, security assessments and incident response, protect against wireless attacks and misuse, Herrin said. The combination of wired and wireless tools keeps Tuality in compliance with HIPAA to protect patient information.
Before rolling out Network Chemistry's tools, Tuality also looked at Siemens for WLAN security, Herrin said, but he found that Network Chemistry had a stronger architecture and was easier to deploy.
"We are implementing a company-wide clinical information system for our facilities, and a secure network and wireless infrastructure is a critical requirement," he said, adding that making the wired and wireless infrastructure impenetrable, removing unauthorized users and devices, and enforcing safe network policies are essential.
"When our hospitals took the step to move forward with wireless, we were getting ready to place our patient data management system," Herrin said, later noting that the process was an eye-opener. "Gosh, there's an awful lot that's going to have to be done."
Herrin had reason to suspect that some "hitchhiking" was going on, meaning that unauthorized users were using the wireless network. A quick scan found 18 other sites in the immediate area that also had wireless.
"We wondered, 'What's our exposure?'" he said. "I don't need people out in the parking lot acting as physicians."
The first phase of deployment encompasses two floors, Herrin said. Next, the rest of the hospital and several remote sites will be added.
"This is not just a try-and-see kind of option," he said.
T. Paul Thomas, Network Chemistry's CEO, said Tuality falls in line with other organizations hoping to keep the wireless spectrum clear of unwanted users and threats.
"With the deployment of the RFprotect solution, Tuality can securely deploy an array of applications to improve productivity while ensuring the protection of patient information across their networks," Thomas said. "Whether organizations are implementing wireless applications or trying to keep rogue devices off their entire network, they can benefit from a comprehensive approach to securing their infrastructure and environment."