Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System. Lewack is protecting a burgeoning number of wireless devices gaining popularity throughout the hospital, which includes more than 400 in-patient beds, more than 200 long-term care beds, and a pharmacy.
Since 2002, the hospital has been moving away from cumbersome paper-based processes, instead tracking and sharing patient information such as medical reports, test results, and X-rays electronically. Wireless access to electronic medical records improves the productivity of clinical staff and even the quality of patient care, Lewack says. "People can access the information they need wherever they happen to be," he says.
But that wireless convenience and productivity comes with the burden of keeping sensitive patient information whirling through the air secure. The hospital didn't want to dictate what types of wireless devices doctors and health-care professionals could use, Lewack says. So one of the first steps he took was to require hospital workers wanting to use wireless devices to register them with the technical and communications services office before they could use them to access the network. "We didn't want to hinder the adoption of these devices by telling them what devices they had to use," Lewack says.
The ease with which wireless devices such as PDAs, notebooks, and tablets connect to local access points can make it tough to ensure that only authorized devices are granted entry. This, combined with the many known attacks that make it possible to snoop on data transmitted wirelessly, caused Columbus Regional Healthcare to turn to Fortress Technologies' AirFortress wireless security gateways to protect its Cisco Systems wireless infrastructure for more than 1,000 hospital workers.
The gateways provide several ways to authenticate users to the network, including using passwords and secure wireless encrypted connections. The AirFortress gateways meet the government's rigorous FIPS 140-2 (Federal Information Processing Standards) security-validation program and maintains compliance with the Health Insurance Portability and Accountability Act, both important factors, Lewack says. The hospital installs AirFortress secure wireless clients on each device. The clients enable the devices to securely connect to the wireless gateways. AirFortress clients support a wide variety of handheld devices and are easy to manage, Lewack says.
As part of his wireless security program, Lewack also uses wireless security gear from AirDefense Inc., including an intrusion-protection system that helps ensure that rogue wireless access points aren't installed on the network and also blocks many types of attacks. "Using both provides us a greater level of assurance," Lewack says.
Columbus Regional Healthcare's wireless network has proven itself a boost to productivity and patient care, Lewack says. And it's continuing to grow, securely. The hospital has more than 110 wireless access points in patient areas now, dozens more access points in doctor lounges, cancer conference centers, and other offices set to follow. Says Lewack, "It makes it easier to deliver care right on the spot."