Securing Wi-Fi Access for Healthcare

By Susan Biddle, Sr. Director of Healthcare, Fortinet
Twitter: @Fortinet

Healthcare professionals are the epitome of a mobile workforce: constantly on the move and highly dependent on fast, accurate information. They need a secure wireless solution that performs flawlessly on the array of devices they rely on every day.

Hospitals, clinics and elder care facilities have countless ways to exploit wireless technology for better patient outcomes and improved operational efficiency. From accessing patient records with computers on wheels or handheld tablets to getting telemetry from medical devices, nurse call systems and location-tracking applications, Wi-Fi is now at the heart of patient care.

WLAN reliability is, of course, paramount. But there are a growing number of wireless devices accessing the network, many of them headless (with no user interface). That means that access control and application security are now critical success factors for any healthcare network.

To address these changes, healthcare organizations must balance the need for security with the flexibility of allowing almost any type of device onto the network. Health IT organizations must carefully research WLAN and security deployment models that don’t compromise the protection provided.

Healthcare WLAN Challenges

A Plethora of Mobile Devices
Today’s caregivers have a veritable arsenal of mobile devices at their disposal, many of which are personal. They must all be onboarded securely and in compliance with HIPAA and other healthcare standards.

From smartphones to Wi-Fi phones to voice pendants, clinicians often carry three or four mobile devices each and use any number of other Wi-Fi-enabled medical devices, from medical-grade tablets to infusion pumps. Many of those devices are owned by the physician, while others are issued and still others are shared. Each presents different security challenges that must be addressed.

Escalating Mobile Threats
Protecting patient data and regulatory compliance have always been a top concern for healthcare networks, and WLAN vendors all have robust solutions to neutralize wireless protocol and RF threats, such as rogue APs, DDoS and man-in-the-middle attacks, and more.

However, there is a growing vulnerability to malware resulting from the explosion of mobile devices in clinical environments. With that expanded connectivity and widespread reliance on the internet for updates and remote management, new security measures are required to offer continuous protection across this ever-growing attack surface.

Mission-Critical Apps
Healthcare has more than its share of mission-critical applications, some of which are even life-critical. Wireless LANs must deliver those applications without a glitch at every point of care, even in RF-hostile places such as elevators and radiology units.

Bandwidth demands from video, imaging, telemedicine and spiraling patient and guest usage are putting critical EHR, VOIP and telemetry applications at risk. Resources must be managed with surgical precision. Bandwidth management and application controls are crucial for prioritizing mission-critical apps while blocking or throttling others.

Rural and Community Clinics
Whether clinicians are at a hospital or at a remote clinic, they demand a consistent experience every time. They need seamless access to centralized medical records, local and remote clinical applications, and many other resources.

This secure mobility between locations requires sophisticated identity management integrated with a comprehensive security solution. But remote-care delivery must still make economic sense, and the cost and complexity of provisioning and maintaining secure Wi-Fi access and VPN connectivity at remote sites is often a barrier.

Healthcare WLAN Options

While capacity and coverage requirements vary from hospitals to clinics and everything in between, security, reliability and manageability are equally important to all. It can be very difficult to successfully deploy security solutions across all of these environments, as most solutions are built for one environment and do not scale well from the data center to the physician’s office.

Health IT organizations today have three distinctly different WLAN deployment models to choose from, which allows them to select the best match for their operational needs, without compromising security. The WLAN chosen must enable healthcare organizations to safely onboard caregivers’ personal devices, as well as medical equipment of every type. Whether it’s IV pumps, patient trackers, heart monitors or remote presence robots, they will all enjoy comprehensive protection from current and evolving threats. The three WLAN deployment model options for secure access are:

The Integrated Model
This solution is preferred by Health IT organizations that favor unified network and security management. In this solution, security and WLAN control are tightly integrated on a single platform and managed through a single pane of glass.

The integrated option is skewed toward ease of operation and superior visibility and control through its seamless integration of security and wired and wireless infrastructure under a unified management interface.

This solution is best suited to health networks with multiple locations such as clinics, community health centers and assisted living facilities.

The Controller Model
This model is a best-of-breed controller wireless offering which is preferred by Health IT organizations that like to manage networking and security separately, often using different vendor equipment for each.

In this solution, Wi-Fi and security are provided by different best-of-breed components, each managed independently. The WLAN system uses a channel management approach, which enables rapid deployment and scaling and offers several reliability and traffic isolation advantages.

This solution is best suited to large hospital campus deployments and is particularly effective at overcoming environmental interference from medical equipment.

The Cloud-Managed Model
The third WLAN model is preferred by health IT organizations with a large number of small sites requiring secure wireless networks. In this solution, security and WLAN control are tightly integrated in a cloud management platform allowing for centralized management and policies without the deployment of on-premises controllers.

This cloud-managed solution is skewed toward ease of operation and deployment while still providing superior visibility and control of all wireless traffic. It is best suited to health networks with many locations such as physician practices, clinics, community health centers and assisted living facilities.

Building a Secure Access Solution

The mobile revolution and IoT are bringing about an explosion of devices on healthcare networks. To protect patient data and deliver the best possible care, health networks need holistic, end-to-end cybersecurity at every point of care and in every facility, from clinics to hospital campuses. Health IT organizations can best serve their many and varied constituents by considering which WLAN model best meets their organizational needs, without compromising security.