Addressing Security Gaps in Health Care WiFi Networks With AI and Automation

In this interview, Roger Sands, CEO and co-founder of Wyebot, discusses how health care organizations can strengthen their WiFi infrastructure to support AI adoption while maintaining HIPAA compliance, mitigating vulnerabilities, and leveraging automation to manage complex, evolving network environments.

Please state your name, title, and any relevant experience you’d like to share.

Roger Sands: I'm Roger Sands. I'm the CEO and co-founder of Wyebot. We focus on WiFi automation solutions for enterprise customers and school districts all over the world.

As artificial intelligence (AI) becomes more embedded in health care operations, how can IT teams ensure their networks remain compliant with evolving regulations?

Sands: A key consideration is Health Insurance Portability and Accountability Act (HIPAA) standards and compliance. The majority of health care organizations have that covered, meaning they understand the regulations and have policies and procedures in place to protect patient information at the network level.

When evaluating a new solution, health care organizations have to determine whether it interacts with protected health information. Does it store data? Does it pass data through the system? Is there any involvement with critical data for those organizations?

As you probably know, there have been a number of cyberattacks on hospitals over the past couple of years. When IT organizations are evaluating solutions, it's very important to understand how that solution fits within HIPAA compliance and the data and security aspects of it.

If it's involved in those areas, then it obviously has to go through some very rigid compliance testing, certification, and validation before being put into operation. If it's a system or solution that is not involved in those elements, it’s still important to have validation, documentation, and proof of that. Once you understand the difference, then what's required in terms of deployment, rollout, and implementation is very different if it's not touching the patient data or the security of the network as a whole.

What are some of the most overlooked vulnerabilities in health care WiFi networks, and how can IT teams mitigate them?

Sands: From a security point of view—unauthorized devices. These could be clients or network components. In general terms, we call those access points or routers. You have both sides of the network: clients and the infrastructure—access points and routers.

One of the most important things from a security point of view is to validate and make sure that there are no unauthorized clients or infrastructure devices showing up on the network. If they're allowed to have any type of access, it becomes a door into a potential security threat. That's number one. There are mechanisms, techniques, and software to review and validate that you're being secure when it comes to those elements.

The second item, equally important, is what we call IoT devices—Internet of Things. In the health care space, there are a lot of different IoT devices entering the network. It could be standard medical equipment, such as patient monitoring devices, dialysis machines, or it could be security cameras or door locks for patient monitoring. There is a wide range of WiFi-enabled devices now entering into health care.

These are authorized devices. We started with the unauthorized devices, but now we're talking about devices that are going help the operations of the practice to be more efficient and, ideally, more secure. However, each one of those devices have to meet a certain standard. What we see a lot in the IoT space is that security isn’t always the top priority. That’s why it's really important for IT organizations to vet those solutions. Hackers trying to get into the network often will look for IoT devices with weak security. They'll find those as a way into the network. So, whether it’s unauthorized devices or authorized devices that lack the necessary level of security, both are areas of concern in health care networks.

What emerging trends in AI and network technology should health care IT teams be aware of?

Sands: Networks are very dynamic. They have changed dramatically over the last 5 years. If you go back in time, most of the devices within health care were wired into the network. There were still challenges and risks associated with that, we called that a controlled infrastructure.

Now, WiFi brings a lot of benefits—mobility, access to information, anywhere, anytime. It's a huge benefit for health care, but at the same time, it creates a highly dynamic environment. You have your own network to manage. You also have personal devices—users bringing in smartphones, smartwatches, gaming devices—and then you also have neighbors. Hospitals, clinics, and nursing homes can have business or residential neighbors with WiFi networks. The environments are very complex and dynamic. For IT organizations to keep up with this fast-paced, evolving environment, automation—often AI-driven—is a huge benefit. Trying to manage it manually is very time-consuming and can disrupt business operations.

If we shift to AI-driven automation to manage the infrastructure and day-to-day operations of the networks, that is going to save time. It's also going to be a lot more responsive, because if there are security or performance issues, you're going to know right away.

For most IT organizations, that's what we recommend—not just Wyebot, look for solutions that are going to bring automation into the equation to support these growing, dynamic IoT cloud computing trends that are taking off and changing the landscape.

How can health care organizations build a more resilient and adaptable WiFi infrastructure to support AI-driven innovations?

Sands: WiFi technology is emerging. New standards are coming up, and that's a huge benefit for health care because it will improve performance security. There are more frequency bands available now with a lot more capacity.

The good news is that keeping up to date and tracking how the new standards can help your operation is very important. That doesn't mean you need all the new technology throughout the whole organization—that could be an expensive endeavor. But you should be aware of where you need it by analyzing the operations and understanding the use cases, bandwidth requirements, and security needs.

The second point, which we’ve touched on, is automation. We have these complex environments. We know they're going to become more complex. There are going to be a lot more devices connected into WiFi in every organization. It's just going to continue to increase, and so having automation laid on top of the emerging new standards will allow these operations to be very efficient and cost effective. It improves the return on investment (ROI) because you don't need as many resources spending time on day-to-day WiFi management. Tracking new standards and leveraging the new automation capabilities to compliment that are the recommendations that we provide to health care organizations.