Issue link: https://securitytechnologyexecutive.epubxp.com/i/690996
May/June 2016 • SECURITY TECHNOLOGY EXECUTIVE 25 www.SecurityInfoWatch.com Hospitals have not been immune to active shooter incidents. In December of 2012, a 38-year- old man walked into St. Vincent's Hospital in Bir- mingham, Alabama, where his wife was receiv- ing care in the hospital's cardiac unit and opened fire with a handgun[iv]. He injured three people, including a police officer, before being shot and killed by officers responding to the scene. Almost a year later, a 51-year-old man armed with a shot- gun and handgun walked into Renown Regional Medical Center in Reno, Nevada, and shot three people, killing one of them[v]. While not a common occurrence, an active shooter situation would be one of the most intense situations any organization – and its security team – could face. This is especially true for medical facilities, which are extremely active, have a large number of people coming and going throughout the day, and service patients who typically would not be able to defend themselves in the face of danger. With all of these factors, a gunman could go almost unnoticed when slipping into the envi- ronment of a healthcare facility. Items found in healthcare facilities also can be targets for someone seeking to cause widespread harm. Some facilities contain infectious diseases and hazardous material that can be used in weap- ons of mass destruction[vi]. Some of the larger equipment, like MRI machines, contains large magnets that can be used to disrupt the opera- tion of firearms[vii]. And most healthcare facili- ties maintain a large supply of pharmaceuticals and narcotics. While many law enforcement agencies recog- nize the vulnerability of healthcare facilities, there has not been a substantial discussion surrounding how to prepare for and respond to active shooter incidents at a hospital or medical center. Many agencies, including the FBI, recognize this need and have begun laying the groundwork[viii]. While these discussions provide a good foun- dation, each healthcare facility – and its security team - should have its own plan of action based on the facility's layout, its number of employees and patients and the nature of the patients most commonly seen at the facility[ix]. Each of these plans should include[x]: • Proactive steps, including training of employ- ees that can be taken to identify warning signs in individuals who may have the intention of committing a violent act. • A method of reporting active shooter incidents, including informing those inside the facility and those arriving at the facility. • A procedure to lock down areas affected by the incident as well as areas with patients who can- not be easily removed from the facility • An evacuation policy and procedure for patients and staff who can escape from the building. • A plan for security response to some of the facility's more critical areas, including storage areas for chemicals and drugs. • Coordination with local law enforcement in resolving the incident. • A plan for returning to normal operations once the incident is resolved. The New Security Threat to Healthcare: Information Data Breaches Earlier this year, Hollywood Presbyterian Medical Center in Los Angeles announced that it had paid a $17,000 ransom to hackers who had seized con- trol of the hospital's computer systems[xi]. And in March, MedStar Health, which operates 10 hospitals in Maryland and the District of Colum- bia, was forced to take its networks offline after being hit by a similar attack[xii]. These are just the attacks that have been made public. We believe there are many more attacks that have gone unreported. In 2014 alone, attacks on health data accounted for 37 percent of all data breaches, marking the fourth year in a row the health sector saw more cyber- attacks than any other sector[xiii]. This account- ed for more data breaches than the retail, edu- cation, government and financial sectors com- bined. And it can be months or years before many of these attacks are noticed. Attacks on healthcare networks have been increasing because of the value of the data they contain[xiv]. With one attack, cybercriminals Most healthcare facilities are soft target for both physical and cyber mayhem because of their open environment, which means security strategies must be proactive and engaged. Image Courtesy of BigStock.com w w w . S e c u r i t y I n f o W a t c h . c o m e q u i p m e n t , l i k e M R I m a c h i n e s , c o n t a i n s l a r g e m a g n e t s t h a t c a n b e u s e d t o d i s r u p t t h e o p e r a - t i o n o f f i r e a r m s [ v i i ] . A n d m o s t h e a l t h c a r e f a c i l i - t i e s m a i n t a i n a l a r g e s u p p l y o f p h a r m a c e u t i c a l s a n d n a r c o t i c s . W h i l e m a n y l a w e n f o r c e m e n t a g e n c i e s r e c o g - n i z e t h e v u l n e r a b i l i t y o f h e a l t h c a r e f a c i l i t i e s , t h e r e h a s n o t b e e n a s u b s t a n t i a l d i s c u s s i o n s u r r o u n d i n g h o w t o p r e p a r e f o r a n d r e s p o n d t o a c t i v e s h o o t e r M o s t h e a l t h c a r e f a c i l i t i e s a r e s o f t t a r g e t f o r b o t h p h y s i c a l a n d c y b e r m a y h e m b e c a u s e o f t h e i r o p e n e n v i r o n m e n t , w h i c h m e a n s s e c u r i t y s t r a t e g i e s m u s t b e p r o a c t i v e a n d e n g a g e d . I m a g e C o u r t e s y o f B i g S t o c k . c o m