WPA no longer HIPAA compliant
October 16, 2017
The CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.
Vendors may not have updates for the firmware on their appliances for some time, yet tools that will make these exploits easier to use in the wild are sure to appear soon. Network administrators who manage HIPAA covered entities like dental offices may be forced to turn off wireless access points in their dental practices until vendors either patch their routers or build new ones that are not vulnerable.