At the Wirral University Teaching Hospital NHS Foundation Trust in northwest England, the mechanism is based on a wireless network that not only maintains security, but also provides clinical staff with a measure of flexibility they have never had before.
The network was deployed over a vast site that encompasses the Arrowe Park and Clatterbridge hospitals, and is also supporting the phone system and paging of medical staff.
The system is the culmination of many years' work under the leadership of Pete Marsh, the technical director for Wirral Health Informatics Service (WHIS). Marsh has been using wireless communications since the 1990s, incorporating
The new IP-based network was installed principally to support picture archiving communications systems (PACS) -- electronic scans and X-rays -- which would enable doctors to view the images wherever they are needed, without the aid of a lightbox.
"We needed to take the lightbox to the bedside," Marsh said. "And to do that we needed mobile technology and wireless networking." The technology would also allow MRI scans to be streamed directly to the bedside.
"They were close, but Aruba had the edge for performance, spread and availability. And they were better on security -- their control could go down right to the aerial," Marsh said.
Aruba was able to provide coverage with fewer access points (three in most wards) and was able to cope with the practical constraints that limit where an access point could be placed. The system also came with security -- firewalls, message encryption and wireless IDS -- embedded into the controllers and management servers, and not as an add-on.
At the time of the decision, Wirral was also in the process of moving from a Novell-based user directory to Microsoft Active Directory, and it was essential for users to be able to authenticate to either system during the transition period, which the Aruba network was able to accommodate.
Now that the transition is complete, any device attached to the network is first authenticated against Active Directory to verify that it is a known Wirral-owned machine, and then the user may log on using a username and password, or increasingly an NHS smart card.
The wireless traffic is encrypted right from the client machine to the data centre, preventing hackers from intercepting and spying on network traffic.
If a device is reported lost or stolen, it can be deactivated in Active Directory, and therefore blocked out of the network. Any unknown access points will be picked up by the Aruba access points and reported back to a central monitor, where staff will decide if they are a potential threat.
Using the mapping function in the central controller, IT staff can pinpoint the physical location of the device within a couple of metres, and then go investigate.
The resilience of the network is maintained by having two controllers, one on each hospital site, both of which are capable of supporting the whole network if the other fails. Equally, if an access point fails, it is detected by neighbouring access points, which boost their broadcasting power to cover any dead areas.
The initial deployment involved more than 150 access points and was confined to the major wards in the Arrowe Bridge site. With more funding becoming available, wireless VoIP has been implemented across the two-hospital site.
The Voice over Internet Protocol (VoIP) project -- which now allows free phone communications over the IP network and supports the paging of clinical staff -- greatly extended the Aruba network into corridors, stairwells and other departments to provide complete coverage, raising the total number of access points to 550.
Although wireless networking used to be considered difficult, Marsh said his system hasn't encountered many problems. The Aruba technology automatically balances the loads between access points to maintain service levels and prioritises phone traffic to ensure call quality.
"The users take it for granted," he said. "They just assume they can move around a ward and have image data or patient records delivered when they need them."