Security integration is more than a buzzword in the hospital and healthcare vertical. Increasingly, it’s a necessity.

When creating a safe and secure healthcare environment, end users should look for solutions that not only drive new levels of security and business intelligence but can provide long-term value in the future. Specifically, Kevin Wine, Vice President of Marketing, Verint, says healthcare users are looking for systems that are:

  • Open and scalable, and can easily integrate with other systems and sensors;
  • Intuitive to use and manage to help keep the focus on better situation management;
  • Comprehensive and automated to help operators align with standard operating procedures and reporting structures;
  • Intelligence-driven to correlate data with other sources of security and operational data for more accurate and comprehensive risk profile.

Enhancing security efforts by the right means

Ensuring the safety of patients, staff and visitors is no easy task, and while it is challenging for security officials to predict, prepare for or prevent every incident from occurring on the premises, robust strategies and programmes help these facilities achieve a higher level of situational awareness, says Wine. By improving security efforts with the right technology, protocols and procedures, hospitals are better equipped to ensure safety and security while driving new levels of business intelligence to ensure long-term viability in today’s market.

By improving security efforts
with the right technology,
protocols and procedures,
hospitals are better equipped
to ensure security

Healthcare facilities today seek holistic solutions that address a wide variety of security and business needs, says Wine. Video surveillance is a force multiplier, helping mitigate risks. Video and other security sensors and communication systems (i.e., access control, video analytics, dispatch, nurse call, alarms, RFID, et.al.) also help enable users to realise new levels of prevention – earlier detection is vital to prevent incidents.

Situational awareness solutions

But all of these valuable data points cannot be fully realised without correlating information from various solutions together, says Wine. Situational awareness solutions help hospitals gain a full picture of a security situation, improve communication among stakeholders, and streamline reporting to allow officials to effectively manage a situation on a more proactive basis. All of these needs are driving healthcare organisations to seek out solutions and programmes that can provide value beyond feature sets, and can help drive new levels of security and business intelligence.

Wine contends that, by integrating data from various sources into a single command-and-control platform, true situational awareness can be achieved. This comprehensive approach helps enable faster and more effective response to support a high level of safety to employees, patients, visitors and the overall community.

“Situational awareness solutions automatically combine critical data points from multiple systems and sensors, allowing operators to understand what is happening in real-time through one intuitive interface,” says Wine. “We like to think of this approach as a single pane of glass – helping enable officials to quickly and effectively identify risks, manage situations and thoroughly investigate. Bringing all data points into one platform helps allow for early detection of threats, which can also be used to initiate better planning, timely response and better decision-making.“

Access control systems now also deliver the ability to “tap” in and out of computer applications, eliminating complex passwords and password fatigue
The healthcare vertical is moving toward a complete solution that integrates nearly any system using a facility’s network

Integration: access control and beyond

Access control is an important aspect of integration in healthcare settings. Hospitals must support affiliated doctors who need to carry multiple badges for all the locations they visit, for example. Over time, administrators may want to integrate access control with visitor management, or add video surveillance and other technologies. This can be difficult to accomplish with legacy systems, which are vulnerable to security threats and can’t easily be upgraded to new features and capabilities. In contrast, the latest physical access control system (PACS) system architectures are based on dynamic technologies, making it significantly easier and less expensive to upgrade them.

“Today’s solutions enable healthcare organisations to achieve a versatile PACS that protects everything from hospital doors and storage areas to the cloud and desktops,” says Sheila Loy, Director Healthcare Strategies, North America, HID Global. “With proper planning, healthcare institutions will be able to preserve investments in today’s physical access control credential solution as they seamlessly add new capabilities in the future,” she says. The result is a fully interoperable, multi-layered and highly adaptable security solution that spans the organisation’s networks, systems and facilities, and has room to grow, evolve and improve over time.

Healthcare institutions will be
able to preserve investments in
today’s physical access control
credential solution as they
add new capabilities in the future

The latest PACS architectures support new applications such as infant protection systems, and biometrics in sensitive areas such as laboratories and research centres. There are also opportunities to “do more with the card,” says Loy. Hospitals can offer physicians, nurses and staff one card for accessing the emergency room and pharmacy, and for visual ID verification, time-and-attendance logging, payroll transactions, and cafeteria purchases. This simplifies life for cardholders while centralising and streamlining management.

To protect information, access control systems now also deliver the ability to “tap” in and out of computer applications, eliminating complex passwords and password fatigue where it can require 20 or more logins each day in order to access the hospital’s enterprise data and services. Instead, the user simply taps his or her ID card to a laptop, tablet, phone or other NFC-enabled devices to access network resources, cloud apps and web-based services. It’s easier and more secure than passwords, and faster and more seamless and convenient than dedicated hardware one-time passwords and display cards or other physical devices. Plus, there is the added benefit of using the same card that opens doors to also access data and cloud-based applications.

Integration with other systems

A complete solution that integrates nearly any system that lives on or uses a facility’s network is ultimately what the healthcare vertical is moving toward, says Jason Ouellette, Product Line Director – Access Control, Tyco Security Products. “At Tyco Security Products, we are offering this kind of holistic approach by integrating our C-CURE 9000 access control platform with video, intrusion, duress notification and infant abduction technologies together and adding license plate recognition, biometric identity management, NFC and BLE, visitor management and home automation interfaces and capabilities,” he says. “All of these systems coming through a single pane-of-glass view give operators more to see and react to.

“We are hearing more and more from customers across industries that they want to be able to use their security systems and devices for more than just security: they want added value,” says Ouellette. Many want to use access control, video surveillance and other data sources to assess their business operations and/or workflows with the goal of improving efficiency.

“I think we’ll also see more edge controllers and further development of mobile technology capabilities,” he adds.

Tighter integration between physical access control systems with specific hospital-based systems such as mother and baby alarms, asset location technologies and robotic vehicle systems are likely advances
We are going to see wider adoption of electronic access control onto almost every door in healthcare facilities

Complete security integration

Infant abduction systems like Elpas and Hugs can now be connected to access control systems, says Jim Stankevich, Global Manager – Healthcare Security, Tyco Security Products. This is significant, and the integration among these systems will no doubt grow, as this makes infant abduction very difficult. A real world example is if an infant is taken without authorisation onto an elevator. If this occurs, an alarm can be sounded, and a hospital-wide alert can be dispatched over radios and over the facility’s public address (PA) system in seconds. “This growing level of automation is one of the things I expect will continue to develop in the future,” says Stankevich. “These systems integrated into the Lynx duress/notification system allow for a wide range of notification options.”

"These end users need a way to
grant permissions in a way that
saves time and energy on manual
input, and makes changing
permissions easy and efficient"

Also, facilities require increased integration with today’s video surveillance and video management systems from their access control solutions, and there’s an additional push toward integrating human resources and other event management and directory software tools as well, adds Stankevich. “These end users need a way to grant permissions in a way that not only saves time and energy on manual input, but also makes changing permissions easy and efficient,” he says. “This is especially paramount for large-scale enterprise organisations, such as a hospital campus, that can span multiple geographic locations.”

Access control can be integrated with other systems, too. “The continuing evolution of network technologies and our interconnected world has transformed access control systems from standalone solutions into a vital part of a more robust, highly integrated system that allows users to utilise a single control platform to monitor the status of a facility,” says Robert Laughlin, President, Galaxy Control Systems. “We expect that advanced access control solutions will be integrated with patient information, identity management, video surveillance, medicine storage and distribution, parking and other systems, all of which provide information and intelligence in the form of data that contributes to the emerging model of predictive analytics. The actionable intelligence that will result from this analysis will help move security from a reactive to a more proactive function.”

Wider adoption of electronic access control

Tighter integration between physical access control systems with specific hospital-based systems such as mother and baby alarms, asset location technologies and robotic vehicle systems are likely advances that we will see adopted more often, agrees Dave Ella, Vice President of Product Marketing, AMAG Technology.

 “We are going to see wider adoption of electronic access control onto almost every door in healthcare facilities through the adoption of a new generation of locks that are wire-free and Wi-Fi-based, but that form part of the overall access control system,” says Ella of AMAG.

AMAG also sees that frictionless access – in which no physical contact needs to be made with a card or card reader – will assist in the control of healthcare-associated infections.

Read Part 11 of our Security in Healthcare series here

Save

Save

Save

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Managing security during unprecedented times of home working
Managing security during unprecedented times of home working

Companies are following government guidance and getting as many people as possible working from home. Some companies will have resisted home working in the past, but I’m certain that the sceptics will find that people can be productive with the right tools no matter where they are. A temporary solution will become permanent. But getting it right means managing risk. Access is king In a typical office with an on-premise data centre, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications. CV-19 means that huge numbers of people are getting access to the same desktop and files, and collaborative communication toolsBut as we know, CV-19 means that huge numbers of people are getting access to the same desktop and files, applications and collaborative communication tools that they do on a regular basis from the office or on the train. Indeed, the new generation of video conferencing technologies come very close to providing an “almost there” feeling. Hackers lie in wait Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical servers. Less than a month ago, we emerged from a period of chaos. For months hackers had been exploiting a vulnerability in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Patches were provided by vendors, and either companies applied the patch or withdrew remote access. As a result, the problem of attacks died back.  But as companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on. That’s because remote desktop protocol (RDP) has been for the most part of 2019, and continues to be, the most important attack vector for ransomware. Managing a ransomware attack on top of everything else would certainly give you sleepless nights. As companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical serversExposing new services makes them also susceptible to denial of service attacks. Such attacks create large volumes of fake traffic to saturate the available capacity of the internet connection. They can also be used to attack the intricacies of the VPN protocol. A flow as little as 1Mbps can perturbate the VPN service and knock it offline. CIOs, therefore, need to acknowledge that introducing or extending home working broadens the attack surface. So now more than ever it’s vital to adapt risk models. You can’t roll out new services with an emphasis on access and usability and not consider security. You simply won’t survive otherwise. Social engineering Aside from securing VPNs, what else should CIO and CTOs be doing to ensure security? The first thing to do is to look at employee behaviour, starting with passwords. It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposed. Best practice would be to get all employees to reset their passwords as they connect remotely and force them to choose a new password that complies with strong password complexity guidelines.  As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposedleverage these breaches because it is such easy and rich pickings. Secondly, the inherent fear of the virus makes for perfect conditions for hackers. Sadly, a lot of phishing campaigns are already luring people in with the promise of important or breaking information on COVID-19. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020. A staggering number that can only go up. That’s why CIOs need to remind everyone in the company of the risks of clickbait and comment spamming - the most popular and obvious bot techniques for infiltrating a network. Notorious hacking attempts And as any security specialist will tell you, some people have no ethics and will exploit the horrendous repercussions of CV-19. In January we saw just how unscrupulous hackers are when they started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information. In addition, in early February the Maze ransomware crippled more than 230 workstations of the New Jersey Medical Diagnostics Lab and when they refused to pay, the vicious attackers leaked 9.5GB or research data in an attempt to force negotiations. And in March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHO and healthcare organisations in general since the pandemic broke. We’ll see lots more opportunist attacks like this in the coming months.   More speed less haste In March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHOFinally, we also have bots to contend with. We’ve yet to see reports of fake news content generated by machines, but we know there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the buying behaviour of people in times of fear from infection. Using comment spamming – where comments are tactically placed in the comments following an update or news story - the bots take advantage of the popularity of the Google search term ‘Coronavirus’ to increase the visibility and ranking of sites and products in search results. There is clearly much for CIOs to think about, but it is possible to secure a network by applying some well thought through tactics. I believe it comes down to having a ‘more speed, less haste’ approach to rolling out, scaling up and integrating technologies for home working, but above all, it should be mixed with an employee education programme. As in reality, great technology and a coherent security strategy will never work if it is undermined by the poor practices of employees.

How does audio enhance security system performance?
How does audio enhance security system performance?

Video is widely embraced as an essential element of physical security systems. However, surveillance footage is often recorded without sound, even though many cameras are capable of capturing audio as well as video. Beyond the capabilities of cameras, there is a range of other audio products on the market that can improve system performance and/or expand capabilities (e.g., gunshot detection.) We asked this week’s Expert Panel Roundtable: How does audio enhance the performance of security and/or video systems? 

How have standards changed the security market?
How have standards changed the security market?

A standard is a document that establishes uniform engineering or technical criteria, methods, processes, and/or practices. Standards surround every aspect of our business. For example, the physical security marketplace is impacted by industry standards, national and international standards, quality standards, building codes and even environmental standards, to name just a few. We asked this week’s Expert Panel Roundtable: How have standards changed the security market as we know it?