War Driving as a Possible Risk

Wikipedia defines “war-driving” as the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a portable computer or PDA. Some war-driving is fairly harmless, such as passive, listen-only war-driving that merely identifies broadcasting addresses. But war-driving can result in hacking of proprietary information, including protected health information (“PHI”).

The number of Wi-Fi hotspot locations has grown exponentially and includes libraries, cafes, airports, and hotels. With a Wi-Fi connection, your workforce can connect to the internet almost anywhere and conduct the same online activities over Wi-Fi as they would at work, such as checking email, surfing the web, and connecting to their desktop remotely. And remote access to PHI may be crucial for caregivers who need immediate access, wherever they are, to their patients’ data. But HIPAA’s Security Rule clearly requires protection of such data regardless of its location and how it is accessed or transmitted.

Most Wi-Fi networks are unsecured and unencrypted. So if you are allowing, say, home health agency nurses to use laptops to transmit patient data over Wi-Fi, does a risk exist that some unauthorized person can access the data by war-driving? And, of course, one could war-drive a static location, such as a hospital that used Wi-Fi for its communications. When a Wi-Fi hotspot is unsecured, internet connections remain open to intrusion. Thus, hackers can intercept network traffic to steal your information.

Security measures for using Wi-Fi to transmit PHI include the following:

  • Use common sense. Ensure that no one else besides you is looking at your computer screen. Don’t leave your computer screen unattended. Do not transmit unsecured data over unsecured Wi-Fi. When entering sensitive information, such as PHI, ensure that either the webpage encrypts the information or that your Wi-Fi connection is encrypted. If you are not using the internet, disable your wireless adapter.
  • Use an encrypted virtual private network (“VPN”). A VPN can provide encryption over an unencrypted Wi-Fi connection. If you use a VPN, make sure that it has adequate encryption.
  • Check for SSL (Secure Sockets Layer) certificates on all websites on which you conduct sensitive transactions. SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely.
  • Ensure that your computer’s settings do not automatically connect it to the closest Wi-Fi access point, which could be an access point run by a hacker.
  • Disable file-sharing.
  • Install a firewall on your computer and keep it enabled at all times when using Wi-Fi.
  • Keep your computer’s software and operating system up-to-date with security updates.
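
One way to check the auto-connect and encryption points above on a Linux laptop, as an added example that is not part of the original post: the script reads saved Wi-Fi profiles in NetworkManager keyfile format and flags any that the laptop will join automatically without modern encryption. The profile text and the function name `risky_profiles` are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real data).
SAMPLE_PROFILES = {
    "CoffeeShop": "[connection]\nid=CoffeeShop\ntype=wifi\n\n"
                  "[wifi]\nssid=CoffeeShop_Free\n",
    "ClinicStaff": "[connection]\nid=ClinicStaff\ntype=wifi\nautoconnect=true\n\n"
                   "[wifi]\nssid=ClinicStaff\n\n"
                   "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Hotel": "[connection]\nid=Hotel\ntype=wifi\nautoconnect=false\n\n"
             "[wifi]\nssid=Hotel_Guest\n",
    "OldRouter": "[connection]\nid=OldRouter\ntype=wifi\n\n"
                 "[wifi]\nssid=OldRouter\n\n"
                 "[wifi-security]\nkey-mgmt=none\n",
}


def risky_profiles(profiles):
    """Return (profile id, reason) for Wi-Fi profiles that auto-join weak networks."""
    flagged = []
    for text in profiles.values():
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(text)
        if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
            continue  # not a Wi-Fi profile
        # NetworkManager treats a missing autoconnect key as true.
        if not cp.getboolean("connection", "autoconnect", fallback=True):
            continue  # user must join manually, so no silent connection
        name = cp.get("connection", "id", fallback="(unnamed)")
        if not cp.has_section("wifi-security"):
            # No security section at all: an open, unencrypted network.
            flagged.append((name, "open"))
        elif cp.get("wifi-security", "key-mgmt", fallback="none") == "none":
            # key-mgmt=none means static WEP, which is not adequate encryption.
            flagged.append((name, "wep"))
    return flagged


if __name__ == "__main__":
    for name, reason in risky_profiles(SAMPLE_PROFILES):
        print(f"{name}: auto-connects to a {reason} network")
```

On a real system the profiles are the files under /etc/NetworkManager/system-connections/, which require root to read; each flagged profile should be deleted or have auto-connect turned off.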

The foregoing is just a quick guide to protecting your PHI from war-driving. For a more complete guide, go to http://lifehacker.com/5576927/how-to-stay-safe-on-public-wi+fi-networks or http://www.onguardonline.gov/topics/hotspots.aspx.

On September 1st, 2011, posted in: HIPAA Compliance Blog by