- The MD Anderson Cancer Center in Houston plans to beef up security for a wireless LAN pilot project with technology that can rapidly and dynamically change encryption keys to block hackers from accessing private information.
Technical papers published this (US) summer pointed out the vulnerability of encryption keys to over-the-air sniffing in the Wired Equivalent Protocol (WEP) built into standard 802.11b wireless LAN products. Clyde Miner, Anderson's MIS manager of technical services, says the centre has decided to augment WEP with a product from Cisco Systems that provides for dynamic key management rather than the static keys used in WEP.
Cristine Falsetti, director of marketing for wireless networking at Cisco, says dynamic key management would allow Anderson to change keys often, "as often as every three minutes, if that's what they want."
Miner says that because of security concerns and the strict privacy mandates of the federal Health Insurance Portability and Accountability Act (HIPAA), Anderson is "proceeding cautiously" with its wireless LAN pilot project. The test project is designed to serve seven physicians and ancillary personnel in Anderson's Breast Center and would be used for real-time bedside data entry and decision support."
Miner says he believes the Cisco system does "offer a near-term solution to security issues," adding that other issues with WEP "must be addressed in the two-year window prior to HIPAA compliance."
Jody Patilla, vice president of METASeS, a data security consulting firm in Cornelius, North Carolina, says adding layers of protection to WEP makes sense in a medical environment because WEP "does not meet" the requirements of HIPAA, "which requires data to be secure in transit and storage."
Miner says that if the Breast Center pilot is successful, and the added security from Cisco addresses the deficiencies of WEP, then the centre plans to start deploying wireless LANs throughout the campus in connection with an electronic medical records project.
Miner estimates the wireless LAN would have an estimated base of 6000 users out of a current employee population and could provide service to an area of 3 million square feet.