Medical Construction & Design

MAY-JUN 2016

Medical Construction & Design (MCD) is the industry's leading source for news and information and reaches all disciplines involved in the healthcare construction and design process.

Issue link: https://mcdmag.epubxp.com/i/677235


determine where to focus security measures and funds. Consider: people, equipment, controlled substances and data.

Step 3: Identify the threat

A variety of security threats affect healthcare facilities. Knowing which ones are most likely to affect the organization means there's an opportunity to implement countermeasures to reduce the likelihood that they will occur, and minimize their impact if they do. Some common threats include:

Criminals: Individuals seeking to profit by stealing, whether that be patient data, medications, property — including computers, medical equipment, even personal items out of a patient's room — or extortion.

Hackers: Individuals who break into computer systems either as part of a criminal activity or simply for the technical challenge.

Disgruntled persons: Individuals seeking some form of retribution and who pose a risk for assaulting a patient, visitor or staff member, damaging equipment or interrupting operations.

Mentally unstable persons: Individuals acting out in a manner similar to the disgruntled person but who are unstable due to a medical condition, medications or substance abuse.

Step 4: Characterize potential impacts

A spectrum of security events could occur that can be categorized as either a physical or a cyber event. Security departments typically handle physical events (such as assault or theft) and IT departments are generally responsible for cyber events (such as network intrusions). But a third type of event — "cyber-physical systems" — straddles both these areas, and organizations must establish a framework responsible for managing these cases.

CPS risks, like cyber threats, have physical-world consequences. Their impacts run the gamut from someone being able to remotely turn lights on or off or change the temperature in a room, to disabling the fire alarm system or modifying security system operation. It's important to develop clear protocols on preventing and minimizing these types of threats and impacts.

Step 5: Address the vulnerabilities

Research the products and systems that the organization uses to understand the vulnerabilities and potential solutions that exist. Several publicly accessible databases catalogue vulnerabilities for all kinds of devices, including operating systems, software and hardware. Some comprehensive options are the Manufacturer and User Facility Device Experience, the National Vulnerability Database and the Common Vulnerabilities and Exposures database.

It's also important to work with manufacturers to discuss security patches and updates, as well as best practices for system use and implementation. No matter how secure a product is, if it isn't properly installed it can still pose a threat. Analysis of implementation should include a review of network segmentation, use of firewalls and external connectivity and modifications and upgrades as needed.

One final part of managing vulnerabilities is knowing products' origins and making sure they are acquired and delivered in a safe manner. Threats can come from many places in the supply chain, from a virus on a manufacturer's website to hardware shipped with a security vulnerability. Test products as received, maintain a healthy business relationship with vendors and make sure manufacturers adhere to greater security policies.

These measures are not one-time actions. Instead, a security maintenance program must be established to ensure that audits are regularly run to test the system and that patches and updates are implemented across all networked systems, both regularly and as necessary.

Coleman L. Wolf CPP, CISSP, is security practice leader at Environmental Systems Design, Inc.
