Internet Access Control for Hospitals

Why is Internet Access Control for Hospitals So Important?

In recent years, Internet access control for hospitals has become increasingly important. Many health systems have WiFi networks that can be accessed by staff, patients and guests, yet without controls in place to restrict online activities, Internet access can be abused. The effect could just be slowing of the network due to WiFi users streaming videos or downloading large files, but the consequences of allowing unfettered internet access could be much more severe. It could result in a malware or ransomware infection.

Ransomware encrypts medical records preventing access and can take medical equipment out of action. The recent NotPetya attacks involved entire systems being sabotaged by wiping the master boot record. Keyloggers are used to obtain login credentials to gain access to PHI.

An Internet filter for hospitals ensures that all users of the WiFi network are prevented from accessing websites that are known to host malware or exploit kits that can download malware or ransomware. Any user that attempts to visit a known malicious website will be stopped from doing so before any harm is caused.

Since malware infections can take networks out of action, this can have a negative impact on patient safety. Many hospitals have been forced to cancel operations and appointments as a result of having access to patient data blocked.

Not only can an Internet filter prevent costly malware attacks, it will also help with HIPAA compliance. The HIPAA Security Rule requires hospitals to implement controls that reduce the risk of malware attacks that can threaten the confidentiality, integrity, and availability of protected health information.

How Does an Internet Filter for Hospitals Restrict Access to Certain Website Content?

Internet access control for hospitals is usually achieved with an Internet filtering solution. An Internet filter is essentially a software or hardware solution that enforces acceptable Internet usage policies. Hospitals configure the Internet filer by programming in a set of rules that prevents certain websites or categories of website from being accessed. Typically, categories would include adult websites, gaming sites, gambling sites or file sharing websites. It is also possible to block websites by keywords or keyword density. For example, rules can be set that block a website if a certain keyword – ‘sex’ for instance – is above a certain threshold.

Most Internet filters for hospitals also support blacklists. Blacklists are lists of websites and webpages that meet certain criteria. For example, security companies maintain blacklists of phishing websites and webpages known to host malware. The Internet Watch Foundation maintains a blacklist of websites that contain images of child abuse and child pornography.

When a user attempts to visit a blacklisted website or a webpage that contravenes the Internet filter’s policies, the user is directed to a block page advising them that the site has been blocked because the site contravenes the hospital’s acceptable usage policies.

Blocking Internet content by category inevitably leased to false positives; however, whitelists can be created to allow access to websites that would otherwise be blocked by category controls.

Internet Access Control for Hospitals Applies to Both Wired and WiFi Networks

Internet access control for hospitals should be applied to wired and WiFi networks. Different controls can be set for computers connected to the hospital network and WiFi networks. Networked computers must be protected as a malware infection could all to easily spread throughout an organization. Internal WiFi networks used by staff must also be protected to prevent mobile devices from being infected. Infected mobiles could transfer infections to other networks.

Hospitals also offer Internet access to guests and patients through separate WiFi networks. Internet access control on these networks will ensure guests cannot be infected with malware and cannot access inappropriate website content such as pornography. Restrictions can also be placed on bandwidth-heavy activities such as the streaming of video content to reduce the strain on the network and ensure everyone can enjoy reasonable Internet speeds.

What Other Benefits Come from Internet Access Control for Hospitals?

Preventing malware and ransomware downloads is critical, but there are other benefits to be gained from Internet access control for hospitals. Cybercriminals are not the only people that are interested in stealing sensitive patient data. PHI has a high value on the black market and identity thieves are willing to pay top dollar for patient health histories. By blocking access to file sharing websites, hospitals can make it harder for rogue employees to steal data.

The Internet can be a major drain on productivity. When employees spend time accessing the Internet for personal reasons, healthcare systems suffer major losses. One study calculated the productivity losses for an organization with 1,000 employees to be $35 million a year, just from an hour of personal Internet use per employee, per day. Without Internet access control for hospitals, health systems can suffer major productivity losses.

The accessing of pornography is also a major drain on productivity and has potential to cause HR and legal issues. Studies suggest the accessing of pornographic websites at work is common. Blocking pornography with an Internet filter allows hospitals to reduce legal liability and ensure their networks are family-friendly – something which is especially important for WiFi networks that are accessed by patients and guests.

How to Choose the Right Internet Access Control for Hospitals

There are many considerations when selecting the best Internet content filter for hospitals. The best solution will depend on the size of the organization, number of Internet access points and level of control that hospitals require. Many solutions can be used to protected wired networks, yet cannot be used to protect WiFi access points. The ideal solution can be used to protect all networks and allow different controls to be applied for different users and user groups.

Hardware-based Internet filters require the purchase of an appliance, which will have restrictions on the number of users that can connect to each network. The more users, the more powerful the appliance must be. Most hospitals would need multiple appliances, which can add to the cost considerably. These hardware solutions also lack scalability. As the number of users increases, hardware must be upgraded. Hardware-based filters can also have a negative effect on Internet speed.

A cloud-based solution is usually the best option. Cloud-based Internet filters require no hardware or software downloads. They are updated automatically by the solution provider and can be configured and maintained from any location with an Internet connection, easing the burden on the IT department. They are also highly scalable and can be used to protect any number of Internet users with no latency.

Other considerations when choosing a solution that offers Internet access control for hospitals should be:

  • Ability to block websites in multiple languages
  • A comprehensive suite of reports to allow Internet access to be carefully monitored
  • Granular controls to allow Internet controls to be fine-tuned
  • Ability to create controls for different locations, user groups and users
  • Ability to update blacklists automatically
  • Availability of APIs to solve integration issues
  • The level of support offered by the solution provider
  • Time-based controls allowing restrictions to be applied at busy times to conserve bandwidth.