Recent Topics
Half Price - Shell Helix HX7, Castrol Edge and GTX
by SR5
06/22/18 03:59 AM
Why hang your bicycle from the ceiling?
by mjoekingz28
06/22/18 03:47 AM
Oil For High Sustained RPM on BMW S52
by ZEK
06/21/18 10:41 PM
Chevy brought the blazer back
by WiskyBadger
06/21/18 10:07 PM
LC20 and uses in modern motor oil
by synman
06/21/18 10:01 PM
Full Synthetic CJ-4 or > 5W-30 or 10W-30
by LeTempt
06/21/18 09:57 PM
2018 RAM 1500 EcoDiesel
by OVERKILL
06/21/18 08:37 PM
Fram SureGrip coating
by mobilaltima
06/21/18 08:24 PM
Manual transmissioned electric car
by mjoekingz28
06/21/18 06:45 PM
1991 Toyota Previa New JDM engine Redline
by Kurtatron
06/21/18 06:26 PM
8 yr old channeling John Bonham
by Toy4x4
06/21/18 06:02 PM
Traveller nlgi 2
by Spitter
06/21/18 05:33 PM
Upgrading the Kohler 7000 series air cleaner
by Patrick0525
06/21/18 05:08 PM
Any nano reefers here?
by RichardS
06/21/18 05:04 PM
ARC remanufactured Power Steering Pump
by Pajero
06/21/18 04:58 PM
John Deere "Easy Change" System gimmick
by SnowmanCO
06/21/18 04:55 PM
Oz Planstic Bag Bans - not so green.
by Shannow
06/21/18 04:31 PM
help me choose...
by chaindrive
06/21/18 04:07 PM
France F1 Grand Prix
by DeepFriar
06/21/18 03:16 PM
Valvoline High Mileage with maxlife tech semi-syn
by bradtech
06/21/18 03:16 PM
Newest Members
ZEK, Dudewayne, kmdz, harborbirds, frascati
65292 Registered Users
Who's Online
18 registered (Ducked, Char Baby, dishdude, 14ecocruze, 2 invisible), 392 Guests and 36 Spiders online.
Key: Admin, Global Mod, Mod
Forum Stats
65292 Members
67 Forums
285752 Topics
4768913 Posts

Max Online: 3590 @ 01/24/17 08:07 PM
Donate to BITOG
Page 1 of 4 1 2 3 4 >
Topic Options
#4459161 - 07/14/17 10:57 AM "Open" wireless network = HIPAA violation?
Ed_Flecko Offline


Registered: 12/01/14
Posts: 611
Loc: California
A close friend of mine works at an organization that falls under HIPAA compliance.

It's my understanding their I.T. Department will soon be offering a truly "Open" wireless network for, literally, anyone to connect to. You heard right - not WEP, not WPA, WPA2, etc., etc., etc. Open.

I'm told their I.T. Management has assured upper-management they have no cause for worries, whatsoever, because the wireless network is protected by their firewall. It's hard for me to write that and not spit coffee from laughing all over my keyboard.

Isn't creating an "Open" wireless network, in and of itself, a HIPAA violation since they're no encryption, auditing, etc., of any kind?

Ed

Top
#4459166 - 07/14/17 11:01 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
dparm Offline


Registered: 04/19/10
Posts: 13466
Loc: Chicago, IL
I'm not a HIPAA expert, but yeah, that seems like a disaster waiting to happen.

The only way I can see that being permitted is if the guest network is physically isolated from the rest of the office network, meaning totally separate APs, switches, wiring, and even a different circuit from the LEC. The problem with this is all it takes is one idiot to accidentally plug a wire from an AP into the office network for that separation to be broken.
_________________________
2017 Chevrolet Corvette Grand Sport

Top
#4459167 - 07/14/17 11:04 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
redhat Offline


Registered: 12/07/12
Posts: 1713
Loc: Anywhere, USA
This is more than likely for guest WiFi. Employee/corporate WiFi should (best case scenario) not have it's SSID broadcasting and use 802.1x RADIUS authentication by computer name and MAC filtering for enterprise nodes. Can also have a broadcast-able SSID that takes username and password again with RADIUS for employee use.

Open wireless network with a captive portal and TOS that needs to be accepted.

This SSID on a separate VLAN that only has traffic going out to the internet.

Pretty common.


Edited by redhat (07/14/17 11:08 AM)
_________________________
09 Accord Sedan 5MT - Travellers 15W-40, XG7317, 142k
14 Civic EX Coupe - NAPA Syn. 0W-20, WIX 57356, 54k

Top
#4459171 - 07/14/17 11:07 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
OVERKILL Offline


Registered: 04/28/08
Posts: 36452
Loc: Ontario, Canada
It is quite possible to create an entirely separate, firewalled and traffic limited wireless network for the purposes of being "public". Generally these networks have a disclaimer you have to agree to before you can do anything and they are severely rate limited with rather liberal content filtering as well.

Most hospitals have something like this for guests and patients. The networks are open, but as described above. Depending on the age of the facility they may share access points with the facility's existing network or use entirely new hardware.
_________________________
2016 Durango Limited
2016 Grand Cherokee SRT

Top
#4459173 - 07/14/17 11:13 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
Alfred_B Offline


Registered: 05/12/15
Posts: 1968
Loc: America
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.

Top
#4459175 - 07/14/17 11:17 AM Re: "Open" wireless network = HIPAA violation? [Re: Alfred_B]
OVERKILL Offline


Registered: 04/28/08
Posts: 36452
Loc: Ontario, Canada
Originally Posted By: Alfred_B
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.


Exactly thumbsup

Though I will add that sometimes they are not on a separate ISP, simply a separate IP address, as they usually have a decent pool of external addresses assigned to them. From behind the point of service from the ISP there is significant firewalling and traffic filtering as well as rate limiting so as to have next to zero impact on whatever available bandwidth is being provided by the ISP. I've seen this configuration many times and it is fun sometimes hopping on those networks when they are first setup and the facility is not active to see what you can pull before they put the brakes on it to make it reflect go-live.
_________________________
2016 Durango Limited
2016 Grand Cherokee SRT

Top
#4459181 - 07/14/17 11:26 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
Rand Offline


Registered: 08/20/03
Posts: 12643
Loc: NE,Ohio
I will use those.. but only with VPN..

One said I was visiting an adult site and violating their TOS when I was on BITOG... lol.

Adult site=/=motor oil...

Tunnelbear works pretty good and 1GB free.. with easy app for android.

I only use them if I'm in the middle of the hospital with no signal.
_________________________
2017 Jeep Cherokee Trailhawk V6

Top
#4459182 - 07/14/17 11:26 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
3800Series Offline


Registered: 08/02/14
Posts: 1452
Loc: Gulf Coast, MS
Aren't these the types of networks where you have to manually ban pretty much every proxy and VPN program on the net?

Top
#4459185 - 07/14/17 11:28 AM Re: "Open" wireless network = HIPAA violation? [Re: dparm]
pandus13 Offline


Registered: 08/12/11
Posts: 3196
Loc: Chicago,IL,USA
Originally Posted By: dparm
...all it takes is one idiot to accidentally plug a wire ...

I sense you have some good stories.....
:-))
_________________________
16 Golf SportWagen
13 Mazda5
08 Yaris
04 Elantra
95 accent
95 mystique
97 concorde

Top
#4459190 - 07/14/17 11:32 AM Re: "Open" wireless network = HIPAA violation? [Re: 3800Series]
OVERKILL Offline


Registered: 04/28/08
Posts: 36452
Loc: Ontario, Canada
Originally Posted By: 3800Series
Aren't these the types of networks where you have to manually ban pretty much every proxy and VPN program on the net?


No, companies like Cisco keep updated lists that are used for that purpose that the appliance downloads periodically.
_________________________
2016 Durango Limited
2016 Grand Cherokee SRT

Top
#4459194 - 07/14/17 11:39 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
Miller88 Offline


Registered: 04/09/08
Posts: 12703
Loc: Onondaga County
Like others have said, it's very likely on it's own VLAN with Internet access ONLY. Should be good as you can't access internal client data
_________________________
18 Forester 2.5I 6M
00 Jeep Cherokee
01 Ford F-350 XL 4x4 5M

Top
#4459203 - 07/14/17 11:49 AM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
Ethan1 Offline


Registered: 12/29/14
Posts: 1632
Loc: 'murica
Originally Posted By: Ed_Flecko
A close friend of mine works at an organization that falls under HIPAA compliance.

It's my understanding their I.T. Department will soon be offering a truly "Open" wireless network for, literally, anyone to connect to. You heard right - not WEP, not WPA, WPA2, etc., etc., etc. Open.

I'm told their I.T. Management has assured upper-management they have no cause for worries, whatsoever, because the wireless network is protected by their firewall. It's hard for me to write that and not spit coffee from laughing all over my keyboard.

Isn't creating an "Open" wireless network, in and of itself, a HIPAA violation since they're no encryption, auditing, etc., of any kind?

Ed



Every hospital has guest wifi, so.....

Top
#4459224 - 07/14/17 12:17 PM Re: "Open" wireless network = HIPAA violation? [Re: Alfred_B]
Ed_Flecko Offline


Registered: 12/01/14
Posts: 611
Loc: California
Originally Posted By: Alfred_B
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.


This information is 100% accurate - my friend who shared this with me works in the I.T. Department, and one of his 27 certifications includes CISSP.

There's only one physical network, no content filtering intended of any sort on this new Open network, and the only thing that separates the wireless from the rest of the confidential network infrastructure is that's it's going to be assigned a different VLAN tag.

Oh, and I almost forgot - the Terms of Service "agreement" isn't anything you'll have to "agree to" in the strict sense in order to proceed, it's just a pop-up you can ignore as you proceed to enjoy the free wifi service!

Ed

Top
#4459233 - 07/14/17 12:31 PM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
Blueskies123 Offline


Registered: 02/17/13
Posts: 288
Loc: FL USA
I do not think you have all the facts and seem a little paranoid. Many secure facilitates have guest networks, that is how they keep guests out of the the corporate systems.

Top
#4459242 - 07/14/17 12:41 PM Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko]
redhat Offline


Registered: 12/07/12
Posts: 1713
Loc: Anywhere, USA
If your friend is a CISSP, then why is he a part of a department letting a loosely secure guest WiFi (sounds as if your friend has influenced your opinions of this network) to exist?
_________________________
09 Accord Sedan 5MT - Travellers 15W-40, XG7317, 142k
14 Civic EX Coupe - NAPA Syn. 0W-20, WIX 57356, 54k

Top
Page 1 of 4 1 2 3 4 >