training room

Wi-Fi Security threat a risk to every health care clinic

This week the KRACK (which stands for Key Reinstallation Attack) threat to the WPA2 security framework was announced. KRACK is especially relevant to the small businesses that we work with because you usually don’t have a dedicated IT person to update your hardware on site.

Details of the danger

This danger makes traffic between wireless devices & your router susceptible to interception by a third party. This third party would just need to be within range of your wireless network without needing to log in. If the communication is encrypted, in the case of secure websites for instance, the third party would not be privy to the content of the communication. In the case of unencrypted communication however, the intercepting third party would see everything.

KRACK is mostly a local threat. Any individuals attempting to exploit the threat need to be in range of your router. I’ve always found that not publishing your network name eliminates the possibility of people discovering your network by chance.

Lock it down

Update all of your wireless devices beginning with your routers & modems.

  1. Run updates on all Windows, Apple, & Android devices.
  2. Here are links to a few popular router manufacturers’ pages to help you get started on securing your own network.

We are putting on a free webinar on HIPAA security and we will cover updating router firmware for sure. If you want to attend, it’s going to be from 1:00 – 2:00 PM CST. Register by clicking here

Risk from Kaspersky Lab’s Anti-Virus Software

Kaspersky, a common anti-virus product that came pre-installed on computers from popular retailer Best Buy, was recently found to be vulnerable to security risks.
(see article)

This just demonstrates that, no matter your best intentions or how proactive you are at securing protected health information (PHI), you need to have an updated and dynamic process for addressing HIPAA security issues.
Here are some things we think you need to address with your staff to protect your workstations and network:

  • E-Mail phishing scams. Never download or open anything on work computers from your e-mail.
  • Never check personal e-mail from work computers.
  • Make sure your wireless password is not the factory default and change it once per year.
  • Make sure employees are not sharing passwords. Each individual employee needs their own log-in.
  • If you are using a data backup service, make sure you understand how you can restore that data if and when you need it.

There are many other factors in establishing a comprehensive process of maintaining protected health information (PHI). These are some of the easiest to fix and most common dangers to health care providers today.