Proximity access cards are designed to make medical facilities secure but what can be done when cheap, easily-purchased equipment can render them useless?
Hospitals, clinics and pharmacies rely on access cards to allow authorized workers in and to keep unauthorized people out. But a new threat is rendering these security measures useless.
A hacker can purchase a proximity card copier for $10 on Amazon or eBay. Hackers willing to spend a few hundred dollars can even grab access cards from a distance as employees walk by. The fact that proximity cards have been compromised is not a well-known issue but it’s a serious vulnerability that leaves medical facilities vulnerable to potential theft and violence.
No matter how strong a hospital’s cyber security implementation may be, if the facility’s physical security system is vulnerable, the door is literally left open for all kinds of malicious payloads that can be delivered to the network, and patient data can be copied and sold. The possible HIPAA violations are disastrous, not to mention the financial implications due to fines and lawsuits.
So, where does this leave us? Hospitals have already spent millions on protecting their facility with access control systems and so what can be done to remedy the problem?
The good news is that there are solutions to the problem. Security-conscious access control companies have released new high-security access control readers and encrypted credentials that solve the copying dilemma.
The latest widely available encrypted reader and credential technology is Mifare DESFire EV2, it protects the access control data by using encryption keys. This means the reader must verify that the card is “authentic” before it can read the card format and pass it up to the access control system. These cards cannot be copied.
If this route is chosen, a hospital only needs to replace the old card readers with these new high-security readers and issue employees and contractors new cards. Best of all, most of the existing access control system can stay in place, including the wiring between the reader and the system in most cases.
Companies like AMAG technologies have released a new line of “Symmetry Blue” readers that feature multiple technologies in the readers supporting a smooth transition from the past (Prox cards) to the present (encrypted smart cards) to the future (Mobile phone Bluetooth credentials). Furthermore, the encrypted smart cards offered by AMAG include the LEAF (www.LEAFIdentity.com) data structure and are available with off the shelf or custom cryptographic keys. These cards also feature the ability to use other applications like time tracking, cafeteria billing and more, all protected from hackers.
To future-proof your security and advance to the next step in access control, ditch the plastic cards and let your employees use their smart phones. It’s good for the environment and will save the facility money because no new cards are required, the employees can use their own smartphones. Best of all, the new Bluetooth credentials from companies like AMAG come at no extra charge.