Related Items

• Articles from this Site

  System Gives Patients Privacy Control

  Deal Reached on Privacy Bill

  PHNS Buy Augments Data Mgmt. Tools

  HHS Issues Privacy Enforcement Data

  GE Asks FCC to Protect Telemetry

• White Papers

  Double Take® In The HIPAA-Regulated Healthcare Industry

  Why The Mobile Industry is Evolving Towards Security

  Evaluating EHR Systems: A Step By Step Approach

  A Guide to Understanding and Implementing Network Access Control in Healthcare Network

  Compliance. Protection. Recovery. A Layered Approach to Computer Security for Healthcare Organizations

• Web Seminars

  Laptop Management and Data Breach Prevention for Healthcare

  Performance Analytics: Next Generation Healthcare Dashboards... Now

FREE Health Data Management Site Registration

Sign up today and access the leading source of Health Care I.T. information on the Web. Your FREE site registration entitles you to: Free Health Data Management e-newsletter   Search more than 12,000 articles   Access Web Seminars on a host of I.T. topics   White Papers and Industry Research that provide valuable insights on a variety of technologies and implementation issues   Podcasts, updates on industry events, and much more!

Beefing Up Security

By Joseph Goedert, News Editor April 30, 2008

When Intermountain Healthcare started using wireless laptop computers in 2002, security technologies in a wireless environment were relatively immature. The 23-hospital delivery system based in Salt Lake City used Wired Equivalent Privacy, or WEP, encryption on the laptops. WEP, however, can easily be cracked in an hour or two, acknowledges Ty Bindrup, enterprise network planner.

Wireless user authentication technology also wasn’t mature enough to adequately support user name and password protection. Now, those security applications are ready, Bindrup says.

Intermountain early this year added 256-bit encryption software and strong user authentication software from Cisco Systems Inc., San Jose, Calif., to more than 3,500 laptops. “Security now is mature to the point where it’s pretty solid,” he adds.

Another new security feature in the Cisco suite permits only one network connection on a laptop at a time. If the device is hardwired, the wireless connection shuts down. If the wire is disconnected, wireless turns back on. Allowing only one network connection prevents data on a wired network from leaking over to a wireless network—possibly a network not controlled by Intermountain. Leakage also confuses network switches and can slow down a network.

Embracing New Technology

A growing number of health care organizations are concluding that a wide range of new security products are ready for adoption. In addition to stronger encryption, these include applications that make a network appear invisible to snoopers, telephone-based user authentication, and software to enable infusion pumps to securely transmit data.

Despite the many next-generation security technologies that are now available, however, some health care organizations apparently still are using networks and mobile devices that lack adequate protections.

There’s been no shortage of news reports of stolen laptops loaded with sensitive, unencrypted health and financial data on thousands of individuals.

For example, in January, a laptop owned by Horizon Blue Cross Blue Shield of New Jersey was stolen. The device contained personal information on about 300,000 of the Newark-based plan’s 3.4 million members.

Horizon was installing encryption software, but the affected laptop had not yet been serviced. The Blues plan declined to discuss steps taken since the incident to beef up security. In an e-mail message to Health Data Management, a spokesperson said the company was “past this story” and concerned that commenting “will simply remind people that the theft occurred.”

Intermountain, like many other health care organizations, waited for security technologies to evolve before updating their technologies designed to protect wireless environments, contends Bindrup.

“Because of the huge proliferation of wireless technology in recent years, we resisted the urge to pursue the latest and greatest,” he notes. “We want mature stuff that will keep the network stable.”

Bindrup believes Intermountain’s information security staff earned credibility with senior management and wireless I.T. users by not “changing stuff every month.”

Now that security technology is more mature, it’s easier to win support, Bindrup says. “When we want something for the network, its easier because management knows this is a change that will last and is not experimental.”

As it implemented the Cisco Secure Wireless Solution, Intermountain found the product provided a tested and realistic platform for enterprise deployment, Bindrup says. “Each component, from the client software to the wireless LAN controllers, to the authentication servers interacted as expected.”

But there was one hurdle Intermountain could not overcome. The security technologies could not accommodate importing wireless user profiles already in the Windows operating system. That meant laptop users had to build new profiles for the Cisco security software.

More Feature Articles

Data Security Archive
Mobile Tech Archive
Hospitals Archive
Group Practices Archive

Marketplace

• About Us
• Advertising/Media Kit
• Reprints
• Editorial Calendar
• Contact Us
• Customer Service
• Privacy Statement

©2008 HealthDataManagement and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.