Tech question: wireless security

1
Hopefully one of the computer-savvy members here can help me with this one. My mom is a nurse practitioner and works in a small doctor's office. With the new HIPAA requirements, she spends loads of time entering data into patients' charts on the computer. The doctor lets her log into the office system from home, using the standard Windows remote desktop connection, I think. Right now she has an old Dell desktop but wants to get a new laptop. How can she make sure that the private medical data is kept secure over her home wireless connection? Is using WPA security enough? What if she takes her laptop somewhere like the St. Louis Bread Company and uses their free wi-fi? Will the data be vulnerable there? Thanks.

Re: Tech question: wireless security

2
depends on how she connects to the doctor's office. if he's using two-factor authentication over an encrypted channel, she should be ok. if he's using any sort of VPN only, that would probably also work, but i would recommend more. if you ask her this and she has no idea what you're talking about, she should not be doing this remotely. the government would flip out on that doctor if they found out the data wasn't "best effort" protected and encrypted. meaning, at rest and in motion. meaning, whatever "patient chart" system they're using on the back end should also be encrypted.

Re: Tech question: wireless security

3
For once I'm not really sure what C is getting at... Maybe I'm misinterpreting both posts, but it doesn't all seem applicable to this situation? The setup of the system at the doctor's office really isn't any of her concern, or anything she could do anything about, so I doubt she'd be able to answer that question. Also, he did say how she'll be connecting to the doc's office - Windows RDP - which certainly is far from the best when it comes to dealing with confidential information remotely. I would suggest that she urge the doctor to implement a proper secured VPN system (easy to do).

Connecting to the doc's office using RDP from home over a hard-line (with properly configured router/firewall) is fine. Doing so over a secured wireless connection, assuming certain conditions are met, can be passable, though not ideal. Those conditions being that the wireless connection is properly secured with at least WPA2 using AES or AES+TKIP - under no circumstances should WEP be used, it is not secure in any fashion. MAC address filtering is fine to use, but don't kid yourself into thinking that it's any form of actual security - it is super easy to spoof a MAC address. The wireless access point should be connected to/part of a properly firewalled router. However, as noted, this is very far from ideal. Unless it can be assured that the wireless connection is as secure as the hard-line, I wouldn't really want to transfer confidential information over it on a regular basis, and I doubt the gubermentz would look too highly upon it either.

When it comes to picking up a free wi-fi hotspot, under no circumstances should any form of unsecured confidential information be transferred over that connection. Which is to say that, since she is connecting over RDP, she should never use an open hotspot. There are ways of securing your data sent over an open access-point, but none that will really be feasible for your mother, especially when using WinRDP.
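An added example, not part of the thread or any poster's code: a check of a laptop's saved Wi-Fi profiles against the conditions given in post 3 (at least WPA2 with AES, never WEP, never an open hotspot). The sample text is constructed in the "Key : Value" layout of `netsh wlan show profile` output on Windows Vista or later; the profile names and the functions `parse_profiles`, `grade` and `audit` are hypothetical.

```python
import re

# Constructed sample (not from the thread): four saved Wi-Fi profiles in the
# "Key : Value" layout that `netsh wlan show profile name=...` prints.
SAMPLE = """\
    Name                   : HomeNet
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Name                   : OldRouter
    Authentication         : Open
    Cipher                 : WEP
    Name                   : CafeGuest
    Authentication         : Open
    Cipher                 : None
    Name                   : Legacy
    Authentication         : WPA-Personal
    Cipher                 : TKIP
"""

def parse_profiles(text):
    """Return {profile name: (set of auth values, set of cipher values)}."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Name|Authentication|Cipher)\s*:\s*(.+?)\s*$", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Name":
            current = profiles.setdefault(value, (set(), set()))
        elif current is not None:
            current[0 if key == "Authentication" else 1].add(value)
    return profiles

def grade(auth, cipher):
    """Post 3's conditions: at least WPA2 with AES; never WEP, never open."""
    if "WEP" in cipher or "Shared" in auth:
        return "fail: WEP"
    if cipher <= {"None"}:
        return "fail: open network"
    if not any(a.startswith(("WPA2", "WPA3")) for a in auth):
        return "fail: below WPA2"
    if not cipher & {"CCMP", "GCMP"}:  # CCMP/GCMP are the AES-based ciphers
        return "fail: no AES cipher"
    return "ok"

def audit(text):
    return {name: grade(a, c) for name, (a, c) in parse_profiles(text).items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:10} {verdict}")
```

A profile that passes here only says the wireless link meets the thread's minimum; it says nothing about how the RDP session itself is protected.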

Re: Tech question: wireless security

4
I checked with my mom and she is using Windows Remote Desktop Connection (on XP) to connect to the office. Apparently the doctor (also a she) does the same thing on her laptop from home and from anywhere. Apparently they were at a conference or something recently and the doctor was using her laptop to work on charts while they were there, so she doesn't seem very concerned about the security of the information.

My parents have AT&T Uverse at home with an all-in-one modem/router/wireless/firewall. After she gets a laptop, the next time I'm home I'll make sure she is set up with WPA2 security so that at least she has done her due diligence to keep the info secure. Thanks for the help!