26 Jun 2019

Editor Introduction

The ability to treat patients in a secure environment is a base requirement of hospitals and other healthcare facilities. Whether facilities are large or small, security challenges abound, including perimeter security, access control of sensitive areas, video surveillance, and even a long list of cyber-risks. We asked this week’s Expert Panel Roundtable: What are the security challenges of hospitals and the healthcare industry?

Julie Brown, Johnson Controls, Inc.

Preventing security incidents is a priority and a challenge for healthcare directors. Traditionally, the success of a healthcare facility’s safety programme has been equated to the number of issues that warranted a response, though the simple number of emergency responses is not helpful in preventing the same situations from occurring again. Institutions are transitioning from incident-based to outcome-based metrics to drive behaviours that are more consistent with the larger healthcare mission of caring for patients. Data-driven insights are becoming crucial as they can proactively identify and address risks to improve security operations across a healthcare system. For example, cloud-based technology can assist with determining the root cause of false alarms, stop activities that trigger them and eliminate unnecessary response. In a hospital setting, the platform can alert facility directors of an event in real-time and decide the appropriate course of action based on historical data from across building systems.

The most obvious challenge is that hospitals are built around an open, accessible environment, but must still protect their employees, patients and assets. No matter the industry, there is always potential for theft, and a hospital is no different. At any given time, people can walk in, seeking help or otherwise. There is a high flow of foot traffic, making it difficult for receptionists to remember faces or to detect suspicious activity. Hospitals need to maintain a level of accessibility, but also be ready to respond to any criminal activity. This is a difficult dynamic to combat, and it requires a specialised solution.

Greg Hamm, Delta Scientific Corporation

For vehicle access control, medical centres and hospitals prefer beam barricades and shallow foundation barriers. Manual beam barricades are installed at the Fort Bragg Veterans Administration Hospital in North Carolina to shut down certain areas of the facility when a higher alert is sounded. They will stop a 15,000-pound vehicle traveling 50 mph. The Navy Hospital in San Diego uses high speed, high security and very shallow foundation barricades to control all vehicles going in and out of the facility. With their extremely shallow foundation, they obviate the concerns of interference with buried pipes, power lines and fiber optic communication lines. They will stop a 15,000-pound vehicle traveling 50 mph. At the National Institute of Health in Bethesda, Maryland, even stronger shallow foundation barriers are used for traffic control and protection. These barriers will destroy a 65,000-pound (5.4 million foot-pounds) dump truck traveling 50 mph and continue to stand.

When you hear the term healthcare security, it’s common to think of vast hospital campuses with high volumes of visitors every day. But we shouldn’t overlook individual healthcare facilities that are often part of a larger system and possess unique needs when it comes to ensuring protection. These smaller organisations must be intertwined and connected through a network for remote management, but they tend to encounter challenges such as costly updates for on-premise solutions, hardware investments, cybersecurity concerns and the necessity for comprehensive visitor management and video verification. These facilities can address these challenges by leveraging cloud-based services, which can help enhance business efficiency and security in a highly functional, convenient and flexible manner. The cloud provides numerous benefits, including centralisation, streamlined communication, data security and cost-effectiveness, all of which can facilitate a connected healthcare network that allows facilities to seamlessly protect patients, staff and assets.

Eric Widlitz, Vanderbilt Industries

Similar to other large campus environments, hospitals face a variety of challenges when it comes to streamlining security and mitigating risks. With large, complex facilities, directors of security at hospitals struggle with controlling access to various levels of the facility. To manage the risks that hospitals face and ensure a comprehensively protected atmosphere for patients and staff, it is vital to implement integrated and innovative access control solutions. For example, ease of access with controlled entrances is vital to medical crash teams, as is the need for a zonal access control lockdown in the event of a contagious disease outbreak. Different hallways, rooms, floors and waiting areas within a hospital require different amounts of restriction, and sensitive materials, such as medical files, controlled substances and sterile environments (such as operating and procedure rooms) all necessitate an additional layer of protection.

Expansive areas with multiple buildings and structures on a campus make the security of these facilities more difficult, necessitating multiple systems that monitor various areas, such as video surveillance cameras, shooter detection, infant safety, nuclear medicine monitoring, video analytics, and more. Another challenge is presenting all of the incoming information from these systems into a single pane-of-view security operations center (SOC) that allows operators to access the information they need quickly and efficiently in the event of an incident. Today’s healthcare SOCs must be equipped and designed with these considerations in mind as these organisations aim to overcome security challenges to comprehensively protect patients, visitors, staff, and assets across the facility.

Hospitals and healthcare providers face a more tangible cyber-threat than other industries. Hospitals deal with life and death situations almost hourly, and a cyberattack could bring those life-saving decisions to a standstill. Distributed denial of service (DDoS) attacks, which can render networks useless, pose a huge threat to the operational efficiencies of hospitals, costing healthcare providers money and potentially patients’ lives. Other common attacks are also detrimental to hospital operations: malware, ransomware and data breaches. Until the healthcare industry begins to include security in all business decisions, it will continue to be vulnerable to potentially fatal hacks.

There are a number of security challenges that are unique to the healthcare industry. The three biggest issues that healthcare organisations face are compliance with data security regulations, the immediate need for reliable data access, and an expanding threat landscape. These challenges aren’t new either; according to the Thales Healthcare Data Threat Report from 2018, 77% of hospitals reported a breach. As the healthcare industry continues to adopt technologies like IoT, cloud storage and more, vulnerabilities will increase exponentially without proper encryption and security standards. A perfect example of this is the recent Quest Diagnostics breach which has left nearly 12 million patient records exposed by a third-party vendor. It is paramount that companies are sure their technology is up to compliance regulations as well as the companies they partner with.

IoT and connected medical devices have created significant opportunity for hospitals to tackle major population health challenges. But these devices have also opened the door to hackers as they are leaving networks vulnerable. Bad actors hold hospitals hostage, effectively halting hospital operations and patient care until the ransom is paid. Malicious actors can not only steal sensitive patient information and alter records, they can directly interfere with a patient’s care via a medical device. To meet this challenge, today’s hospitals must prioritise implementing a process for identifying, securing and managing the risk associated with all internet of things (IoT) devices. Those responsible for healthcare technology – IT, IS and biomed teams – must work together to achieve better hospital security in today’s elevated threat landscape. While each has their own area of expertise (network management, security and healthcare technology management), they must work together to secure devices connected to the network.

Brandon Reich, Pivot3, Inc.

Healthcare organisations are 100% committed to the safety and security of their patients, families and staff, which is why many facilities rely heavily on video surveillance solutions to help create safe healthcare environments and provide the highest level of protection. However, when facilities experience surveillance infrastructure failures, this can not only compromise patient care, security and safety, but also cause compliance challenges and affect daily business operations. When reliable video retention solutions are implemented, data can become a trusted source of information to the organisation and open the door to expanding the value of video from enterprise security operations to supporting other service departments and business initiatives. Utilising intelligent infrastructure to create a safe campus environment for healthcare facilities is critical in mitigating unnecessary exposure to risk, and it can assist with strict federal standard compliance for data management ensuring patient medical information is secure.

Hospital security personnel are faced with the challenge of protecting an expansive, constantly moving environment. Video surveillance, security sensors and networked systems, such as access control, video analytics, dispatch, nurse call, alarms, and RFID, help medical facilities realise new levels of awareness. However, the actual value of data derived from these systems cannot be fully understood without correlating information from these solutions together. The ability to fuse multiple data sources (even traditional security, IT and cyber) into one system helps healthcare facilities realise greater insight into what’s happening throughout the hospital. This is a significant step forward because, in the past, security teams would have to manually combine information from multiple systems to create that visibility. Managing and analysing information in real-time is critical for security operators to be able to properly assess security incidents and dispatch the right resources effectively and efficiently. Healthcare facilities need a comprehensive security.

Editor Summary

Hospitals are complex environments that require a multi-faceted approach to ensure safety and security. Even smaller healthcare facilities face a growing number of vulnerabilities, including concerns about privacy and cybersecurity. Our Expert Panel Roundtable addresses many facets of healthcare security and suggests some existing solutions to address the challenges. Heeding their insights could result in safer hospitals and healthcare facilities.