Hospitals are hotbeds of IoT. With constantly mobile patients and caregivers, Wi-Fi is the preferred connection method for the expanded digital environment. Healthcare IT managers may see dozens, hundreds or even thousands of devices roll in each day — all require dependable and secure wireless access.
Here are four tips to ensure that your hospital’s Wi-Fi networks are up to the challenge of patient care:
1. Isolate IoT to Keep Performance High
Don’t let IoT devices share wireless service set identifiers (SSIDs) with anything else. For now, IoT devices can share access points (APs) with other traffic, but be on the lookout for density issues and be prepared to increase the number of access points.
Most IoT devices will use older, 2.4-gigahertz (802.11b/g/n) radios, which provide limited bandwidth, so the IoT SSID should be configured with a minimum received signal strength indicator and minimum speeds. This will keep a distant IoT device from using the wrong AP and degrading performance for everyone.
2. Ensure Reliability Meets Hospital Requirements
Wireless networks have slowly evolved from a nice-to-have for staff and guests into mission-critical infrastructure, especially now that patient care devices report and are controlled over Wi-Fi. IT managers should step back and examine overall system reliability to see if their engineering matches the new requirements.
For example, wireless LAN controllers may need to be reconfigured into high-availability mode, wireless mesh features may need to be enabled, or the wireless LAN may need to be redesigned to eliminate the need for an in-line controller.
3. Secure IoT Devices with Firewalls and Traffic Controls
Protect yourself and your network by isolating the IoT network using security appliances configured with strict firewall and intrusion prevention system (IPS) rules. Traffic, both inbound and outbound, must be strictly controlled.
At the WLAN level, enable wireless isolation to block station-to-station communications unless there is a clear need for peer-to-peer traffic. Additionally, lock down outbound traffic to the specific IP address ranges and ports needed, and block everything else.
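One way to check that the isolation and allowlist rules described above are actually holding is to classify flow records from the IoT segment against the intended policy. This is an added example, not part of the original article; the IoT subnet, the allowlist entries and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed, constructed values: replace with your own IoT subnet and allowlists.
IOT_NET = ipaddress.ip_network("10.50.0.0/22")
EGRESS_ALLOW = [  # (destination network, protocol, port) IoT devices may reach
    (ipaddress.ip_network("10.10.20.0/28"), "tcp", 2575),  # clinical data gateway (assumed)
    (ipaddress.ip_network("10.10.0.53/32"), "udp", 53),    # internal DNS (assumed)
    (ipaddress.ip_network("10.10.0.123/32"), "udp", 123),  # internal NTP (assumed)
]
INGRESS_ALLOW = [  # (source network, protocol, port) allowed to reach IoT devices
    (ipaddress.ip_network("10.10.30.0/28"), "tcp", 443),   # device management (assumed)
]

def _match(rules, addr, proto, port):
    return any(addr in net and proto == p and port == prt for net, p, prt in rules)

def classify(flow):
    """Return 'ok', 'not-iot' or a violation label for one flow record."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    proto, port = flow["proto"].lower(), int(flow["dport"])
    src_iot, dst_iot = src in IOT_NET, dst in IOT_NET
    if src_iot and dst_iot:
        return "peer-to-peer"  # station-to-station traffic: isolation is not holding
    if src_iot:
        return "ok" if _match(EGRESS_ALLOW, dst, proto, port) else "egress-not-allowlisted"
    if dst_iot:
        return "ok" if _match(INGRESS_ALLOW, src, proto, port) else "ingress-not-allowlisted"
    return "not-iot"

def audit(flows):
    """Return (flow, label) pairs for every IoT flow that breaks the policy."""
    labelled = ((f, classify(f)) for f in flows)
    return [(f, label) for f, label in labelled if label not in ("ok", "not-iot")]

# Constructed sample flow records, shaped like a firewall or WLAN controller export.
SAMPLE_FLOWS = [
    {"src": "10.50.1.20", "dst": "10.10.20.5", "proto": "tcp", "dport": 2575},
    {"src": "10.50.1.20", "dst": "10.50.2.31", "proto": "tcp", "dport": 23},
    {"src": "10.50.3.7", "dst": "203.0.113.40", "proto": "tcp", "dport": 443},
    {"src": "10.10.30.4", "dst": "10.50.1.20", "proto": "tcp", "dport": 443},
    {"src": "10.20.5.9", "dst": "10.50.1.20", "proto": "tcp", "dport": 80},
    {"src": "10.50.0.9", "dst": "10.10.0.53", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for flow, label in audit(SAMPLE_FLOWS):
        print(label, flow["src"], "->", flow["dst"], flow["proto"], flow["dport"])
```

Any flow it reports means a firewall rule or the WLAN isolation setting is looser than the policy says it should be.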
4. Keep Access Simple for Hospital Staff
Once a device is configured with an SSID and a WPA2-PSK password, no one wants to revisit that for periodic Wi-Fi updates. IT managers will be lucky if they can get annual password changes; anything more frequent is usually out of the question.
Other access control mechanisms, such as MAC-based authentication, must be layered over WPA2-PSK passwords to help lock down the IoT network. Some devices will support more advanced authentication mechanisms, such as digital certificates or username/password pairs (WPA2-Enterprise), but these are rare. IT managers should stick with a simpler, universal WPA2-PSK system and depend on firewalls and application-layer encryption instead.