Corban Technology Solutions Journal
The heart of your clinic network
January 29th 2019
By Stan Shaw
and Rob Behrouzian
Part 9 of our series on Privacy and Data Security Best Practices.
Wireless Routers
Hidden in your clinic's network wiring closet, or perhaps on a shelf, is a critical component needed to safeguard your clinic's data. Unlike the mass of network cables shown in the photo, this article focuses on something that cannot be seen: the networks that connect computers wirelessly. Wireless can be at least as confusing as wired connections, and even more complicated to set up.
This is important because, unlike cables, wireless networks use radio signals that go beyond the walls of your clinic. Other users, including very sophisticated hackers, can potentially access your network. They could be sitting in your clinic waiting room. Or they could be next door, or connecting in from the floor above or below your clinic. Or even, depending on the strength of your wireless signal, sitting in a car out on the street. Unless care is taken, it is quite possible that no one will ever know that someone nearby breached your clinic network. Fortunately, there are ways you can protect yourself.
Most wireless routers have some form of security settings to prevent unauthorized users from accessing your network.
However, the default security settings of most wireless routers may not follow industry security best practices. In fact, because we also see them being used as firewalls guarding your entire network, they can open your clinic to being exploited through a variety of hacking techniques. We strongly recommend having a wireless expert help you purchase and configure your router properly.
Here are eight steps that can go a long way towards helping to establish a secure wireless network:
1. Physical Security. Ensure your device is stored in a secure, optimal broadcast location where the general public has no direct access to it. And protect it from excess heat and dust, as this may cause it to malfunction.
2. Purchase 'business class' routers rather than the 'consumer grade' routers typically purchased for home use. While consumer-grade routers may have similar features, they are not designed to be as reliable, or to maintain the level of security that clinics need when handling personal medical information. Some, one popular brand in particular, may actually introduce the risk of a privacy breach. One of its 'security features', used in its wireless routers since at least 2015, can potentially forward sensitive emails from connected users in clear text to the servers of a third party for antivirus scanning. This may be something to think about if you are worried about where your internal communications are being sent.
3. Consider investing in a business-quality firewall in front of your wireless router. Don't rely on just your wireless router to do all of the work. Remember, highly confidential information is being carried on your clinic network, and your firewall is the bastion protecting your clinic from hackers located anywhere in the world. A relatively small investment in hardware may save thousands of dollars in lost productivity, and many hours of time dealing with privacy and security issues should the firewalls on these devices fail.
4. Create a guest network. Isolate your internal clinic network from the guest network. Your internal network should require your staff to enter a user ID and complex password. Your patients should access only the guest network and be unable to access your internal network. Do not send patient data over your guest network.
5. Enable encryption and other technical measures recommended below.
6. Carefully manage mobile devices accessing your secure clinic network to reduce the risk of exposing it to compromised systems. Look for an upcoming Best Practices article to help you with this.
7. Log, monitor and audit. Install wireless intrusion prevention systems to regularly monitor your network for unusual or unauthorized activities. Be on the alert for rogue access points masquerading as one of your own.
8. Focus on security awareness and training. While IT staff need to be fully aware of how to configure complex wireless routers and firewalls, your clinic staff need to be aware of their role in safeguarding personal information, including appropriate use of your wireless network. See our article about creating a culture of security, and Best Practices for ideas on how to do this.
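The rogue access point check from step 7, as an added example that is not part of the original article: it compares a wireless scan listing against the clinic's own inventory and flags unknown radios using a clinic network name, look-alike names, and clinic access points with weak encryption. The SSIDs, BSSIDs, the CSV layout and the accepted security modes are constructed assumptions.

```python
import csv
import io
import re

# Hypothetical clinic inventory: SSID -> BSSIDs (radio MACs) of the clinic's own APs.
AUTHORIZED = {
    "ClinicStaff": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "ClinicGuest": {"02:00:00:aa:00:11"},
}
ACCEPTED_SECURITY = {"WPA2", "WPA3"}  # assumption: the modes this clinic allows

# Constructed scan listing (ssid,bssid,security); not any real tool's output format.
SAMPLE_SCAN = """ssid,bssid,security
ClinicStaff,02:00:00:AA:00:01,WPA2
ClinicStaff,02:00:00:AA:00:02,WPA2
ClinicGuest,02:00:00:aa:00:11,WPA2
ClinicStaff,02:00:00:bb:00:99,Open
Clinic-Staff,02:00:00:cc:00:42,WPA2
CoffeeShopNextDoor,02:00:00:dd:00:07,WPA2
"""


def normalise(ssid):
    """Fold case and drop punctuation/spaces so near-identical names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())


def audit(scan_csv, authorized, accepted=ACCEPTED_SECURITY):
    """Return (bssid, ssid, reason) for every observation that needs follow-up."""
    known = {normalise(name): name for name in authorized}
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ssid, bssid, security = row["ssid"], row["bssid"].lower(), row["security"]
        if ssid in authorized:
            if bssid not in authorized[ssid]:
                findings.append((bssid, ssid, "unknown BSSID advertising clinic SSID"))
            elif security not in accepted:
                findings.append((bssid, ssid, "clinic AP using weak or no encryption"))
        elif normalise(ssid) in known:
            reason = "look-alike of clinic SSID " + known[normalise(ssid)]
            findings.append((bssid, ssid, reason))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reason in audit(SAMPLE_SCAN, AUTHORIZED):
        print(f"{bssid}  {ssid!r}: {reason}")
```

Neighbouring networks with unrelated names, such as the last sample row, are ignored, so the findings stay short enough to review by hand.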
All of these are important to help ensure that your clinic is taking reasonable precautions to protect personal information, as required in British Columbia under section 34 of the Personal Information Protection Act (PIPA). Because health records are especially sensitive, this requires special attention when protecting them in your clinic.
As part of these steps, here are some technical measures your IT support staff should consider.
Please note that safeguards to properly secure health information may require additional measures depending on where your clinic is located, especially if it is part of a hospital or larger health information organization. And, of course, IT security measures needed to protect you are always evolving. For clinicians in private clinics located in British Columbia, the Doctors Technology Office at Doctors of BC is an excellent source of additional information.
If you need assistance, contact us.