Study Finds Security Flaw in Hospital Wireless Networks

Thu, 05/22/2014 - 11:35

By Blaine Sheasley, Marketing Intern

In April, Wired published a story, titled “It’s Insanely Easy to Hack Hospital Equipment”, that discusses a myriad of security problems discovered during a study performed by Scott Erven, head of information security at Essentia Health hospitals. The two-year study found many potential security breaches within the Essentia Health system, any of which could pose a threat if accessed by the wrong people.

Erven concluded that any equipment connected to the hospital network was vulnerable. This weakness stemmed from the lack of network firewalls (which would require the correct authentication to allow access) and from devices with weak, hardcoded passwords. That means anyone who has access to the internal network could easily gain access to most if not all of the equipment connected to the internal network.

Security of medical devices should be of primary concern for hospitals and medical device manufacturers. The Erven study though took a leap of faith by only looking at the security of the device from the network. IT departments go to great efforts to secure the enterprise network and obtaining access to the network and the VLANs the medical devices operate on is key to exploiting the issues in the Wired article.

The article highlights the need for a secure and reliable enterprise infrastructure. For wireless devices, this includes the use of secure data encryption and strong authentication protocols, such as WPA2- Enterprise with Advanced Encryption Standard (AES). Such industry accepted protocols provide for the best security for wireless networks and are a key aspect of medical device protection.

Medical device makers must choose their Wi-Fi radios carefully, while network administrators in hospitals should include sufficient security requirements in the criteria for selecting medical devices. With a little work and the correct implementation of security best practices, hospitals and equipment providers can plug security holes, leading to greater peace of mind for healthcare providers and their patients.

Laird Wi-Fi modules come equipped with integrated security specifically designed for the enterprise network. Every reliable Wi-Fi network connection can be secured with WPA2-Enterprise (IEEE 802.11i) security and authenticated using one of six popular EAP (802.1X) types. For more information, visit Laird’s Wi-Fi radio modules webpage.