The challenge of ensuring secure clinics and hospitals for patients and staff
17 September 2015
What’s your emergency?
Critical issues for hospitals and medical centres
Workplace violence
Budget/funding
Technology integration and management
Active shooter
Staffing and training
Patient behavioural health and violence
Asset protection/theft
ASIS: The 2014 Security 500 Sector Reports
Top security concerns
Guardian 8 Survey
Categories: OSHA fines; Employee retention; High incidence of fatalities; Lack of accountability/documentat…; Administrators' understanding of regulations; Legal fees/repercussions; Disruptions to patient care; Office safety; Patient safety; Increasing crime and violence
Data labels: 8%, 10%, 12%, 16%, 17%, 19%, 24%, 56%, 57%
Change in frequency of incidents
Health Facilities Management/ASHE 2012 Hospital Security Survey
Incident type: Increase / About the same / Decrease
Infant abduction - actual: 0% / 79% / 21%
Infant abduction - attempted: 0% / 80% / 20%
Shootings in hospital and on grounds, excl. ED: 1% / 78% / 21%
Shootings in ED: 1% / 78% / 21%
Bomb threats: 3% / 74% / 23%
Staff-on-staff violence: 3% / 79% / 18%
Other thefts (major - more than $500/item): 8% / 77% / 15%
Patient care equipment thefts: 9% / 78% / 13%
Pharmaceutical and supply thefts: 10% / 74% / 16%
IT equipment thefts: 11% / 75% / 14%
Domestic incidents involving employees: 12% / 77% / 11%
Other thefts (minor - $500 or less/item): 17% / 70% / 13%
Elopements/patient wandering: 17% / 75% / 8%
Auto thefts/car break-ins: 18% / 64% / 18%
Property damage/vandalism: 21% / 68% / 11%
Attacks/assaults: 25% / 68% / 7%
Patient/family violence against staff in hospital, excl. ED: 26% / 68% / 6%
Patient/family violence against staff in ED: 33% / 60% / 7%
A unique balancing act
A paradox
Patients
Employees
Visitors
Vendors
Infant units
Paediatric units
Pharmacy
Psychiatric units
A fine balance
Privacy vs Security
Challenges
Patient safety
Patient elopement, especially high-risk patients
Patients need access to reliable emergency call systems
Paediatric patients need to be protected from abduction and patient flight
Patients who may be a danger to themselves or others
Infant protection
Potential infant abduction
Infant care outside the mother’s room
Mother/infant mismatching
Patient information security
Almost all cyber attacks can be classified by 9 patterns
Verizon 2015 Data Breach Investigations Report
Denial of service attacks: 0,1%
Payment card skimmers: 3,1%
Physical theft and loss: 3,3%
Miscellaneous errors: 8,1%
Web app attacks: 9,4%
Insider and privilege misuse: 10,6%
Cyber espionage: 18,0%
Crimeware: 18,8%
Point of sale intrusions: 28,5%
Typical cyber attack incidents for healthcare
Healthcare: Miscellaneous errors 32%, Insider misuse 26%, Physical theft / loss 16%
of the incidents in an industry can be described by just
three of the nine patterns.
PHYSICAL THEFT / LOSS
Any incident where an information asset went missing, whether through misplacement or malice.
INSIDER AND PRIVILEGE MISUSE
This is mainly insider misuse, but outsiders (due to collusion) and partners (because they are granted privileges) show up as well. Potential culprits come from every level of the business, from the frontline to the boardroom.
MISCELLANEOUS ERRORS
Incidents where unintentional actions directly compromised a security attribute of an information asset. This does not include lost devices, which are grouped with theft instead.
Verizon 2015 Data Breach Investigations Report
ON AVERAGE
76%
Cyber attacks are physical
of insider and privilege misuse attacks used the corporate LAN.
of theft / loss happened at work.
of miscellaneous errors involved printed documents.
Verizon 2014 & 2015 Data Breach Investigations Report
85%
49%
55%
Look inside your company
PWC Global State of Information Security Survey 2015
Likely sources of incidents (series: All industries in all regions; Healthcare)
Unknown
Domestic intelligence service
Foreign nation-states
Competitors
Activists / activist organisations / hacktivist
Organised crime
Hackers
Suppliers / business partners
Former service providers / consultants / contractors
Current service providers / consultants / contractors
Former employees
Current employees
Screening and vetting is business critical
PWC Global State of Information Security Survey 2015
Security safeguards in place (series: All industries in all regions; Healthcare)
Conduct personnel background checks
Require 3rd parties to comply with our privacy policies
Employee security awareness training programme
Privileged user access
Secure access-control measures
Accurate inventory of where personal data for employees and customers are collected, transmitted…
Employ Chief Information Security Officer in charge of security
Information security strategy that is aligned to the specific needs of the business
Staff safety
Workplace violence
Even though you know that workplace violence occurs more frequently in certain departments—including ED, mental health, geriatrics, and substance abuse—it’s very difficult to predict and prevent staff duress
Staff duress during emergency situations
High turnover and low morale in certain departments, particularly the ED, due to frequent staff duress
Staff members get injured; injury claims push up costs, and overtime is needed to cover absent caregivers’ shifts
Workplace violence
Susan Steinman; Workplace Violence in the Health Sector; Country Case Study: South Africa (ILO, ICN, WHO, PSI)
Occurrences (number of different types of violence experienced per respondent): One type 30%, Two types 18%, Three types 10%, Four types 4%, Five types 1%
Perpetrators: 27%, 15%, 31%, 14%, 4%, 4%, 4%
Pharmacy inventory management
Little or no inventory visibility causing overstocking to compensate
Increased risk to patient safety due to product expiration or unavailability
Inefficient manual processes
Complex payment structures and regulations
Data disconnection between inventory costs and procedural measures
8 to 10% of items expire annually in procedure rooms and as much as 15% of critical assets are lost
Stanley Healthcare
Healthcare asset tracking and management
Productivity losses due to manual processes to manage capital and rental equipment
“Squirrel stores” due to equipment availability
Having a hard time locating needed equipment, health systems end up purchasing or renting more than they actually need
Patient dissatisfaction due to waiting for equipment when staff have difficulty locating it
40% of nurses report spending up to one hour per shift searching for equipment
Stanley Healthcare
Solutions
Top hospital security systems being implemented
Health Facilities Management/ASHE 2012 Hospital Security Survey
System: Already implemented / Plan to implement in the next 24 months
Man traps: 12% / 5%
Metal detectors: 14% / 6%
Outsourced remote video surveillance and monitoring: 16% / 4%
Wireless RFID clinician badges with panic alert buttons: 12% / 14%
Biometrics: 20% / 7%
Video analytics capabilities: 18% / 13%
Physical security information management (PSIM): 27% / 14%
Wireless panic alarm system: 38% / 11%
RFID for tracking equipment, supplies, medications,…: 25% / 26%
Patient elopement system: 50% / 10%
Visitor management system: 41% / 21%
Electronic lockdown from a central location: 52% / 17%
Wired panic alarm systems: 72% / 7%
Integrated security system: 67% / 14%
Vendor management system: 76% / 10%
Mass notification system for emergency preparedness: 69% / 18%
Digital IP-video surveillance system: 71% / 19%
Electronic access control: 88% / 8%
Conduct a Hospital Security Assessment
Analyses existing protocols, policies, and procedures
Evaluates physical security vulnerabilities and threats
Develop a Hospital Security Management Plan
Develop and implement protocols, policies, and procedures
Hazard surveillance program
Identify trends from monitored data
Maintain, evaluate and improve system
Ensure regulatory compliance
Employ reputable security organisation
Is there a doctor in the house?
Real-time locating system (RTLS)
Patient management
Patient flow
Safety
Asset management
Inventory management
Environmental monitoring
Beyond basic security technology
Enhance with video analytics
Integrate intrusion detection, access control, and video surveillance
Add RTLS Environmental monitoring
Asset management
Enterprise Systems Integration
A single integrated system
Outsource non-core services
Cleaning
Maintenance
Catering
Fleet management
Stores management
Document storage
The payoff
Benefits to you
Reduction in operational costs such as administration and maintenance
Lower capital expenditures due to flexibility of single integrated system to accommodate add-on security components
Single system also keeps training costs lower
Decreased losses and lower associated operational costs
Improved business continuity via a more robust, resilient, and responsive operation
Greater end-to-end transparency for improved process management and efficiency
An independent study of a single integrated system showed:
24% saving in installation cost for a 13500 m² building
33% reduction in training
82% reduction in IT administration
32% reduction in cost of changes, upgrades and additions
Strategic ICT Consulting, Teng & Associates
Thank you