Friday, April 25, 2008
Loose Wi-Fi offiice networks can be an issue for medical, financial, legal consumers
On April 25 (tonight), WJLA (ABC) in Washington DC presented a story of the risk of consumer identification information (or medical, legal, or especially financial information) when given to businesses with office wireless networks that have not been properly secured. “Wireless dumpster divers” can often fish for consumer information. In some cases, security switches on wireless routers have been left on.
The story appears as part of “7 On Your Side: Wi-Fi Dangers” where investigator Aaron Titus demonstrated how easily information could be gleaned from an office, to the anger of at least one law office. The link is here.
The report suggests that consumers who use such services check their names out at SSNBreach. SSNBreach is part of the Liberty Coalition.
Medical information must be secured, when transmitted or exposed, according to HIPAA (Health Insurance Portability and Accountability Act) requirements. Normally medical applications would need extra security that should protect information even if a hacker got access. It would be surprising if personal information from medical offices was captured in an exercise like this. In 2002, I had a phone interview for a mainframe job motivated by complying with HIPAA privacy requirements.
This problem would seem to be related to a larger issue of wireless security in general, especially for people who travel with work. Although most large companies would arrange proper security for traveling employees, large breaches or leaks from major corporations have occurred numerous times, as well documented in news reports (partly just through laptop or diskette theft as well as access compromise). A different problem could occur as people travel on personal business and take laptops and depend on motel or café wireless access. I’ll probably write more about this later. But a good article, "Security issues when using outside networks," by Edward K. Zollars on the Tax Adviser explains why wireless and even broadband security can get out of hand: Ethernet was designed when computers were large, expensive and stationary, and physical mobility of machines was not a consideration. The link is here.
A couple of other important articles: Barb Bomman: WPA Wireless Security for Home Networks: link (on Microsoft). She also has an article about airports and motels "On the Road Again" here.
and "Understanding the Wireless Network Connection Dialog Box in XP" link here.