Hospital initiates secure wireless transmission of medical data

By Ron Condon, U.K. Bureau Chief 09 Apr 2009 | SearchSecurity.co.uk

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

At the Wirral University Teaching Hospital NHS Foundation Trust in northwest England, the mechanism is based on a wireless network that not only maintains security, but also provides clinical staff with a measure of flexibility they have never had before.

The network was deployed over a vast site that encompasses the Arrowe Park and Clatterbridge hospitals, and is also supporting the phone system and paging of medical staff.

The system is the culmination of many years' work under the leadership of Pete Marsh, the technical director for Wirral Health Informatics Service (WHIS). Marsh has been using wireless communications since the 1990s, incorporating spread-spectrum technology, and his group has spent a long time exploring various interfaces that could help clinical staff in their work.

The new IP-based network was installed principally to support picture archiving communications systems (PACS) -- electronic scans and X-rays -- which would enable doctors to view the images wherever they are needed, without the aid of a lightbox.

"We needed to take the lightbox to the bedside," Marsh said, "And to do that we needed mobile technology and wireless networking." The technology would also allow MRI scans to be streamed directly to the bedside.

NHS trust moves to protect data in emails, laptops and USB sticks To better protect patient information, one Lancashire NST trust has stepped up its email encryption and mobile data defenses.

When it came to choosing a network supplier, Marsh set up a trial between Cisco Systems Inc. and Aruba Networks Inc., giving them each a ward to cover. It was important to test that a Wi-Fi network could deliver the data speeds required for streamed images of MRI scans, for example. He also needed to test the hand-off between access points as clinicians went about their work and moved around a ward.

"They were close, but Aruba had the edge for performance, spread and availability. And they were better on security -- their control could go down right to the aerial," Marsh said.

Aruba was able to provide coverage with fewer access points (three in most wards) and was able to cope with the practical constraints that limit where an access point could be placed. The system also came with security -- firewalls, message encryption and wireless IDS -- embedded into the controllers and management servers, and not as an add-on.

At the time of the decision, Wirral was also in the process of moving from a Novell-based user directory to Microsoft Active Directory, and it was essential for users to be able to authenticate to either system during the transition period, which the Aruba network was able to accommodate.

Now that the transition is complete, any device attached to the network is first authenticated against Active Directory to verify that it is a known Wirral-owned machine, and then the user may log on using a username and password, or increasingly an NHS smart card.

The wireless traffic is encrypted right from the client machine to the data centre, preventing hackers from intercepting and spying on network traffic.

If a device is reported lost or stolen, it can be deactivated in Active Directory, and therefore blocked out of the network. Any unknown access points will be picked up by the Aruba access points and reported back to a central monitor, where staff will decide if they are a potential threat.

Using the mapping function in the central controller, IT staff can pinpoint the physical location of the device within a couple of metres, and then go investigate.

The resilience of the network is maintained by having two controllers, one on each hospital site, both of which are capable of supporting the whole network if the other fails. Equally, if an access point fails, it is detected by neighbouring access points, which boost their broadcasting power to cover any dead areas.

The initial deployment involved more than 150 access points and was confined to the major wards in the Arrowe Bridge site. With more funding becoming available, wireless VoIP has been implemented across the two-hospital site.

The Voice over Internet Protocol (VoIP) project -- which now allows free phone communications over the IP network and supports the paging of clinical staff -- greatly extended the Aruba network into corridors, stairwells and other departments to provide complete coverage, raising the total number of access points up to 550.

Although wireless networking used to be considered difficult, Marsh said his system hasn't encountered many problems. The Aruba technology automatically balances the loads between access points to maintain service levels and prioritises phone traffic to ensure call quality.

"The users take it for granted," he said. "They just assume they can move around a ward and have image data or patient record delivered when they need them."

Tags: Data Protection Solutions and Strategy,  Wireless Network Security: Setup, Issues and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection Solutions and Strategy Enterprise data management: Prevent data loss and insider threats NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel Make PCI DSS compliance easier by reducing scope, outsourcing data Data Protection Act fines likely limited, audit powers may expand Websense integrated security system aims to simplify security management Full disk encryption: Safer and easier than file and folder encryption No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Annual security reports offer some hope Wireless Network Security: Setup, Issues and Threats Configuring a Windows network infrastructure: Wired, wireless security College learns lessons in choosing the right NAC appliance GSM cell phone encryption crack may force operators to upgrade How to keep networks secure when deploying an 802.11n upgrade Researchers find thousands of flawed embedded devices Wireless network guidelines for PCI DSS compliance SMS attacks against BlackBerry certificate bug possible Remote phone lock and GPS tracking counter smartphone security risks Mobile device encryption a must, says Information Commissioner MMS messaging spoof hack could have global ramifications

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary