Wireless network configuration best practices.

Tod Ferran, CISSP, QSA
By: Tod Ferran
It’s good to keep patients entertained while in the waiting room. According to a 2013 Software Advice survey, 90% of U.S. patients are aggravated by doctors’ office delays. In that same survey, 60% said free Wi-Fi would somewhat minimize their frustration.


The problem is, many offices don’t have their Wi-Fi set up correctly, turning that free patient asset into a liability. What if a patient (or someone posing as a patient) hacked that free Wi-Fi network? Depending on how your network is set up, he or she could tap into your patient data in less than 60 seconds.

SEE ALSO: Warbiking Studies Find Wi-Fi Has Serious Security Issues

Watch this video to learn best practices for healthcare Wi-Fi security.


There are a few potential problems with free Wi-Fi in healthcare, but the main two I’ve seen are:
  • Network configuration
  • Network encryption

Network configuration

Do your patients use the same wireless network as your workforce members? If the answer is yes, you have a potential security breach on your hands.
Tweet: Do patients use the same Wi-Fi as your workforce? If yes, you've got a problem: http://bit.ly/1wuIhiu #HIPAATweet
Guest wireless networks should always be segmented from your non-guest wireless network by a firewall.

For example, if your Wi-Fi network name was DrSwenson, I would set up another Wi-Fi network exclusively for patients named DrSwensonGuest. Nurses, office managers, and physicians should only use DrSwenson, and patients should only use DrSwensonGuest.


In addition to the two different networks, it’s imperative to ensure both networks are actually separated by a firewall. If not, you could be putting your organization in serious liability. In fact, you have probably allowed impermissible disclosure of patient data and don’t even know it.

SEE ALSO: Balancing Mobile Convenience and PHI Security

Network encryption

What type of Wi-Fi encryption does your guest wireless network use? What type of Wi-Fi encryption does your workforce wireless network use?

As you set up your network, the little acronym next to the security encryption standard you choose will be a crucial part of your security. Is it WEP, WPA, or WPA2? Or do you have an open network with no encryption at all?

Security best practice is to set up your Wi-Fi with WPA2. Since 2006, WPA2 has been the most secure wireless encryption standard. As you set up WPA2, for both your guest and non-guest wireless networks, make sure the password you use is secure (SEE ALSO: HIPAA Compliant Passwords). Don’t use the default password or username that comes with your wireless router!

Have a HIPAA security question? Leave a comment and you may see your question answered on the next HIPAA Snippets video.

Tod Ferran (CISSP, QSA) is a Mensa aficionado, Cancun expert, and Security Analyst for SecurityMetrics with over 25 years of IT security experience. In addition to his many speaking engagements and webinars, he provides security consulting, risk analysis assistance, risk management plan support, and performs security, HIPAA, and PCI compliance audits. Connect with him for recommendations on excellent places to stay, activities, and restaurants in Cancun, or check out his other blog posts here.

Wednesday, October 15, 2014