The stories of violence in healthcare facilities, including heartbreaking incidents where nurses and patients are being attacked and sometimes killed because of improper security measures – in addition to the growing cyber attacks on hospital and patient data – is causing many healthcare facilities to heighten their stance on overall security, as they pivot budgets to bring in the right security systems and access control products.
Overall, there has been a surge in both cyber- and physical security attacks, as instances of ransomware attacks in the healthcare sector have almost doubled in the past few years, according to The Office of the Director of National Intelligence. Additionally, a staggering 80% of nurses have encountered workplace violence within the past year according to National Nurses United, a prominent national union of registered nurses.
Overall, this is a challenging and pivotal time for the healthcare sector as budgets start to shift to bring in state-of-the-art technology and access control systems to keep patients and staff safe.
Healthcare Security Assessment
Budget constraints are the most significant barrier to upgrading security, according to 74% of respondents who participated in HID’s recent State of Healthcare Security Report, which is based on input from more than 200 security and IT professionals working in a broad range of healthcare facilities.
“Many of the facilities are still operating with outdated physical security systems, whether that's the head end, or the technology itself that they're using on the card,” notes Amanda Venafro, Business Development manager for PACS, Healthcare, HID. “So, they might actually have the physical security in place, but it's not the latest and greatest, and it's not going to keep anyone safe in the long term.”
Kerry Brock, VP, Sales, Healthcare RTLS, HID, adds, “I think there are some macro factors that have impacted the healthcare space, and I think the pandemic was a bit of a catalyst in that it shined a light on the cracks and the fissures in our healthcare systems, not just in Canada and in the U.S., but globally. They're all sort of suffering from some of the same things, right? Staff shortages and an aging patient population, plus they've got these disparate technology systems that don't work very well together.”
As Brock points out, the complexity of care for an aging patient population and staff shortages, coupled with the increasing cost for everything and the increasing danger to patient and staff safety, have created a challenging time for those in charge of keeping these spaces safe. With people constantly coming and going, like a 24/7 business, physical security of a hospital is extremely difficult, and in turn tough to keep a hospital safe.
“People are not coming there at their best,” notes Brock. “There's been this increase in violence, and it is happening to the caregivers – and 80-90% of them are women – who we need so much, and yet are being assaulted verbally, physically, and in some cases killed.”
She continues, “So that's the physical challenge of it – protecting the people in there, the patients and protecting the caregivers – and then you have the unseen threats of the digital and cybersecurity threats. And those are a massive problem, right? And hospitals started to say, do I have these vulnerabilities in my system … are these properly locked down? Is my infrastructure too old and outdated that these are vulnerabilities on my network?”
The Cyber-Physical Connection
While budgets are tight, 77% of respondents in the HID survey believe it is critical for healthcare facilities to achieve digital and physical security integration. “The threat of cybersecurity and the cost of that is massive,” says Brock, who notes that these cyber incidents are bringing more attention to, and shining a light on the importance of both cybersecurity and physical security.
“Where we are seeing the success again is anything related to IT, as the cybersecurity incidents that are taking place – no one wants to be in the news,” Venafro points out. “While there are budget constraints, budgets open up a lot more for cybersecurity, and so if they can do shared budget [with physical security] and they can see, my IT needs are in line with your needs, both operationally and facility-wise, it helps to bring in the systems that are needed.”
With massive cybersecurity hits that started taking place around 2020, Brock says it is a very complex problem, and technology helps solve a lot of it. “That is why making good technology vendor decisions is so important,” she explains. “Are you choosing a vendor that's large enough, stable enough and has multiple solutions that they can bring to the table and solve your problems? I think that's really a key piece.”
Venafro agrees, noting, “The term that a lot of my end users use is ‘a single pane of glass.’ So, they're wanting that from their access control and their video – they want a unified platform. They're looking at a security [provider] who's going to have the ability to handle all their options and concerns so that they don't worry about it. They don't want to manage five or six different vendors because that also makes it harder to meet their budget at the end of the day. They want all the bells and whistles at the most cost-effective level, and they want it at the most simplified level as well.”
Electronic Access Control
While 30% have implemented access control systems and 24% use electronic patient management solutions, many healthcare facilities are still in the process of upgrading their visitor management practices, according to HID’s report. The ability to easily and effectively manage visitors through these integrated systems is essential. Currently, 38% of healthcare facilities still rely on paper forms and badges to manage visitor access.
From physical to digital identity management, conventional physical approaches such as ID badges are progressively being complemented, or in certain instances, replaced, by digital credentials such as mobile and biometric authentication. The survey indicates that 32% of healthcare facilities implement biometric authentication.
Securing visitor access is also a big area of focus and enhancing safety and streamlining compliance efficiently and effectively managing visitors through these integrated systems is crucial.
Venafro and Brock both see the healthcare space moving to more user-friendly options, such as electronic access control and mobile access.
“Ease of use is key – the newer generation of clinical stuff and other employees in the hospital who are used to using their phones all the time and they kind of expect that from their employers as well,” says Venafro. “But we're also seeing an increase of a street-to-seat type scenarios, meaning that they want to utilize the same badge [or device] to access not only doors but also their workstations or any of the other materials that they have. And phones are often something that they always have with them … you would never leave your home without it, so that's where we're seeing the increase is just usability.”
Looking at best practices, healthcare facilities are embracing a layered security approach.
“The surge in violence within healthcare workplaces, coupled with the fact healthcare is now a prime target for cybercriminals, calls for a multi-layered security approach,” says Brock, noting that this multi-layered security approach propels the adoption of integrated security management systems, real-time location systems, biometrics, and physical security measures such as duress badges and more.
The shift from physical to digital identity management, coupled with the adoption of AI-driven solutions, integrated security management systems, real time location systems and more, marks a pivotal moment for healthcare security, researchers noted, as these advancements promise to enhance patient care and experience, improve staff safety, streamline workflows, and ensure the effective management of visitors. However, The HID report highlights that “these benefits can only be fully realized through a comprehensive approach that includes robust policies, ongoing staff training and a commitment to regulatory compliance.”
[sidebar]
A Focus on the Future
Looking to the future, HID survey results suggest that healthcare facilities are preparing to embrace a diverse range of new technologies designed to enhance security. The following are some of the top areas of focus:
AI-driven Solutions
AI-driven solutions are at the forefront of these plans, with 53% of respondents anticipating greater reliance on AI and automation over the next five years, and 35% already expressing interest in adopting these technologies in the next 12-24 months. “AI offers the potential to revolutionize healthcare security by enabling faster, more accurate threat detection and response, providing a critical advantage in the fight against cyber threats.
Physical and Cyber Integration
In addition, 67% of respondents foresee an increased integration of physical and cybersecurity systems, highlighting the importance of a unified approach
to protecting both digital assets and physical environments. This convergence is essential for creating a comprehensive security framework that can adapt to the complexities of modern healthcare facilities.
There is also significant interest in integrated security management systems, with 33% of facilities planning to adopt these solutions. These systems allow for the seamless integration of both cyber and physical security measures, enhancing the overall security posture of healthcare facilities.
Manual vs. Automated Security
The Shift Towards Real-Time Responses The survey revealed that 56% of healthcare facilities utilize automated alert systems that provide real-time notifications of potential threats. These systems allow staff to respond efficiently to emerging situations, often before they escalate into full-scale incidents.
Cloud-based Systems
Cloud-based security platforms are another area of focus, with 31% of respondents planning to adopt these platforms due to their scalability and flexibility, which are crucial for managing the complex and dynamic environments of healthcare institutions.
Data Protection
The survey also highlights a strong focus on enhancing patient data protection measures, with 48% of respondents planning to adopt new strategies to safeguard sensitive information. As healthcare institutions handle vast amounts of personal data, the need for robust data protection protocols is more critical than ever.
