Recent Topics
Pennzoil Platinum 5w30 at walmart.com
by Irishman. 12/16/18 11:08 AM
pcv cleaning
by macdole99. 12/16/18 10:39 AM
Solar lights that last all night
by Snagglefoot. 12/16/18 09:20 AM
Things Santa might say......
by ZZman. 12/16/18 08:24 AM
ULTRA-POWER 57082
by ET16. 12/16/18 06:56 AM
No collision totaled vehicle
by madRiver. 12/16/18 06:32 AM
Brightest backup light for my daughters car?
by BobsArmory. 12/16/18 06:26 AM
M1 0W20 EP Good To At Least 10K Miles ?
by ChrisD46. 12/16/18 03:29 AM
Gift for young Army Cadet
by Snagglefoot. 12/16/18 12:33 AM
Instacart Grocery Delivery
by dogememe. 12/16/18 12:26 AM
My brother bought this...
by miden851. 12/15/18 09:12 PM
Watch out for scammers
by Chris142. 12/15/18 08:45 PM
15K OCI R53 2006 Mini Cooper S 144k
by dx92beater. 12/15/18 08:32 PM
Beneficial clean fuel.injectors in Ultrasonic Cleaner
by JLawrence08648. 12/15/18 06:54 PM
Newest Members
MikeMTL, AJ11, bandito, Spkrdctr, torchredone12
66691 Registered Users
Who's Online Now
96 registered members (-SyN-, 64bawagon, 2002 Maxima SE, 92saturnsl2, Al, aba4430, 11 invisible), 2,240 guests, and 40 spiders.
Key: Admin, Global Mod, Mod
Forum Statistics
Forums67
Topics295,145
Posts4,928,610
Members66,691
Most Online2,553
Oct 27th, 2018
Donate to BITOG
Previous Thread
Next Thread
Print Thread
Hop To
Page 1 of 4 1 2 3 4
"Open" wireless network = HIPAA violation? #4459161
07/14/17 09:57 AM
07/14/17 09:57 AM
Joined: Dec 2014
Posts: 630
California
Ed_Flecko Offline OP
Ed_Flecko  Offline OP
Joined: Dec 2014
Posts: 630
California
A close friend of mine works at an organization that falls under HIPAA compliance.

It's my understanding their I.T. Department will soon be offering a truly "Open" wireless network for, literally, anyone to connect to. You heard right - not WEP, not WPA, WPA2, etc., etc., etc. Open.

I'm told their I.T. Management has assured upper-management they have no cause for worries, whatsoever, because the wireless network is protected by their firewall. It's hard for me to write that and not spit coffee from laughing all over my keyboard.

Isn't creating an "Open" wireless network, in and of itself, a HIPAA violation since they're no encryption, auditing, etc., of any kind?

Ed


K-9s teach the suspect that if you run...you'll only be arrested tired.

Support YOUR local law enforcement K-9 Unit!

https://www.ssdk9.com/
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459166
07/14/17 10:01 AM
07/14/17 10:01 AM
Joined: Apr 2010
Posts: 13,537
Chicago, IL
dparm Offline
dparm  Offline
Joined: Apr 2010
Posts: 13,537
Chicago, IL
I'm not a HIPAA expert, but yeah, that seems like a disaster waiting to happen.

The only way I can see that being permitted is if the guest network is physically isolated from the rest of the office network, meaning totally separate APs, switches, wiring, and even a different circuit from the LEC. The problem with this is all it takes is one idiot to accidentally plug a wire from an AP into the office network for that separation to be broken.


2017 Chevrolet Corvette Grand Sport
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459167
07/14/17 10:04 AM
07/14/17 10:04 AM
Joined: Dec 2012
Posts: 1,906
WNY
redhat Offline
redhat  Offline
Joined: Dec 2012
Posts: 1,906
WNY
This is more than likely for guest WiFi. Employee/corporate WiFi should (best case scenario) not have it's SSID broadcasting and use 802.1x RADIUS authentication by computer name and MAC filtering for enterprise nodes. Can also have a broadcast-able SSID that takes username and password again with RADIUS for employee use.

Open wireless network with a captive portal and TOS that needs to be accepted.

This SSID on a separate VLAN that only has traffic going out to the internet.

Pretty common.

Last edited by redhat; 07/14/17 10:08 AM.

17 Taurus Limited AWD - Dealer Fill of MCSB 5W-20 FL500S, 15k
14 Civic EX Coupe - NAPA Syn 0W-20 TG7317, 64k
09 Accord Sedan 5MT - Traveler 15W-40 XG7317, 151k
87 Regal Limited - 20W-50 VR1 WIX 51042
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459171
07/14/17 10:07 AM
07/14/17 10:07 AM
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
It is quite possible to create an entirely separate, firewalled and traffic limited wireless network for the purposes of being "public". Generally these networks have a disclaimer you have to agree to before you can do anything and they are severely rate limited with rather liberal content filtering as well.

Most hospitals have something like this for guests and patients. The networks are open, but as described above. Depending on the age of the facility they may share access points with the facility's existing network or use entirely new hardware.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459173
07/14/17 10:13 AM
07/14/17 10:13 AM
Joined: May 2015
Posts: 2,011
America
Alfred_B Offline
Alfred_B  Offline
Joined: May 2015
Posts: 2,011
America
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.

Re: "Open" wireless network = HIPAA violation? [Re: Alfred_B] #4459175
07/14/17 10:17 AM
07/14/17 10:17 AM
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
Originally Posted By: Alfred_B
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.


Exactly thumbsup

Though I will add that sometimes they are not on a separate ISP, simply a separate IP address, as they usually have a decent pool of external addresses assigned to them. From behind the point of service from the ISP there is significant firewalling and traffic filtering as well as rate limiting so as to have next to zero impact on whatever available bandwidth is being provided by the ISP. I've seen this configuration many times and it is fun sometimes hopping on those networks when they are first setup and the facility is not active to see what you can pull before they put the brakes on it to make it reflect go-live.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459181
07/14/17 10:26 AM
07/14/17 10:26 AM
Joined: Aug 2003
Posts: 13,143
NE,Ohio
Rand Offline
Rand  Offline
Joined: Aug 2003
Posts: 13,143
NE,Ohio
I will use those.. but only with VPN..

One said I was visiting an adult site and violating their TOS when I was on BITOG... lol.

Adult site=/=motor oil...

Tunnelbear works pretty good and 1GB free.. with easy app for android.

I only use them if I'm in the middle of the hospital with no signal.


2019 Jeep Cherokee Trailhawk 2.0T
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459182
07/14/17 10:26 AM
07/14/17 10:26 AM
Joined: Aug 2014
Posts: 1,453
Gulf Coast, MS
3800Series Offline
3800Series  Offline
Joined: Aug 2014
Posts: 1,453
Gulf Coast, MS
Aren't these the types of networks where you have to manually ban pretty much every proxy and VPN program on the net?

Re: "Open" wireless network = HIPAA violation? [Re: dparm] #4459185
07/14/17 10:28 AM
07/14/17 10:28 AM
Joined: Aug 2011
Posts: 3,388
Chicago,IL,USA
pandus13 Offline
pandus13  Offline
Joined: Aug 2011
Posts: 3,388
Chicago,IL,USA
Originally Posted By: dparm
...all it takes is one idiot to accidentally plug a wire ...

I sense you have some good stories.....
:-))


16 Golf SportWagen
13 Mazda5
08 Yaris
04 Elantra
95 accent
95 mystique
97 concorde
Re: "Open" wireless network = HIPAA violation? [Re: 3800Series] #4459190
07/14/17 10:32 AM
07/14/17 10:32 AM
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
OVERKILL Offline
OVERKILL  Offline
Joined: Apr 2008
Posts: 37,959
Ontario, Canada
Originally Posted By: 3800Series
Aren't these the types of networks where you have to manually ban pretty much every proxy and VPN program on the net?


No, companies like Cisco keep updated lists that are used for that purpose that the appliance downloads periodically.


2018 RAM 1500 Big Horn EcoDiesel
2016 Grand Cherokee SRT
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459194
07/14/17 10:39 AM
07/14/17 10:39 AM
Joined: Apr 2008
Posts: 12,990
Onondaga County
Miller88 Offline
Miller88  Offline
Joined: Apr 2008
Posts: 12,990
Onondaga County
Like others have said, it's very likely on it's own VLAN with Internet access ONLY. Should be good as you can't access internal client data


18 Forester 2.5I 6M
00 Jeep Cherokee
01 Ford F-350 XL 4x4 5M
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459203
07/14/17 10:49 AM
07/14/17 10:49 AM
Joined: Dec 2014
Posts: 1,684
'murica
Ethan1 Offline
Ethan1  Offline
Joined: Dec 2014
Posts: 1,684
'murica
Originally Posted By: Ed_Flecko
A close friend of mine works at an organization that falls under HIPAA compliance.

It's my understanding their I.T. Department will soon be offering a truly "Open" wireless network for, literally, anyone to connect to. You heard right - not WEP, not WPA, WPA2, etc., etc., etc. Open.

I'm told their I.T. Management has assured upper-management they have no cause for worries, whatsoever, because the wireless network is protected by their firewall. It's hard for me to write that and not spit coffee from laughing all over my keyboard.

Isn't creating an "Open" wireless network, in and of itself, a HIPAA violation since they're no encryption, auditing, etc., of any kind?

Ed



Every hospital has guest wifi, so.....

Re: "Open" wireless network = HIPAA violation? [Re: Alfred_B] #4459224
07/14/17 11:17 AM
07/14/17 11:17 AM
Joined: Dec 2014
Posts: 630
California
Ed_Flecko Offline OP
Ed_Flecko  Offline OP
Joined: Dec 2014
Posts: 630
California
Originally Posted By: Alfred_B
It depends what the open network is used for. Usually the hospitals have a number of protected networks that are used by devices involved in the hospital business.

Then they have an open network, completely separated from the main network (separate ISP, separate physical route to the ISP), that is for the public. They still install a firewall to block out content prohibited by hospital policy (porn, P2P, etc.).

IT departments are not stupid -- it was probably misinterpreted by an information-deficient person.


This information is 100% accurate - my friend who shared this with me works in the I.T. Department, and one of his 27 certifications includes CISSP.

There's only one physical network, no content filtering intended of any sort on this new Open network, and the only thing that separates the wireless from the rest of the confidential network infrastructure is that's it's going to be assigned a different VLAN tag.

Oh, and I almost forgot - the Terms of Service "agreement" isn't anything you'll have to "agree to" in the strict sense in order to proceed, it's just a pop-up you can ignore as you proceed to enjoy the free wifi service!

Ed


K-9s teach the suspect that if you run...you'll only be arrested tired.

Support YOUR local law enforcement K-9 Unit!

https://www.ssdk9.com/
Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459233
07/14/17 11:31 AM
07/14/17 11:31 AM
Joined: Feb 2013
Posts: 318
FL USA
Blueskies123 Offline
Blueskies123  Offline
Joined: Feb 2013
Posts: 318
FL USA
I do not think you have all the facts and seem a little paranoid. Many secure facilitates have guest networks, that is how they keep guests out of the the corporate systems.

Re: "Open" wireless network = HIPAA violation? [Re: Ed_Flecko] #4459242
07/14/17 11:41 AM
07/14/17 11:41 AM
Joined: Dec 2012
Posts: 1,906
WNY
redhat Offline
redhat  Offline
Joined: Dec 2012
Posts: 1,906
WNY
If your friend is a CISSP, then why is he a part of a department letting a loosely secure guest WiFi (sounds as if your friend has influenced your opinions of this network) to exist?


17 Taurus Limited AWD - Dealer Fill of MCSB 5W-20 FL500S, 15k
14 Civic EX Coupe - NAPA Syn 0W-20 TG7317, 64k
09 Accord Sedan 5MT - Traveler 15W-40 XG7317, 151k
87 Regal Limited - 20W-50 VR1 WIX 51042
Page 1 of 4 1 2 3 4

BOB IS THE OIL GUY® Powered by UBB.threads™