COMMENTARY: Firewalls and antivirus software alone are inadequate for defending hospitals against data breaches and ransomware attacks. Both the digital and physical environments must be protected. Managed security service providers (MSSPs) recommend physical security tools ranging from surveillance cameras and biometric access controls to patient visitor management and real-time location systems (RTLS) that work together to safeguard people and sensitive data and spaces.
This type of multi-layered security framework combines visual identification with physical access control and digital credentials to make the hospital’s overall security framework significantly more resilient. Achieving this resilience across both the digital and physical domains is critical, given the many entry points that must be managed in an increasingly threatening hospital environment.
Barriers to Adoption
No hospital wants to risk having unauthorized personnel in its labs, imaging rooms, emergency facilities, or anywhere where staff and administrators do their work. Most hospital IT teams and administrators generally know that they are only one attack away from a physical security breach with the potential for financial and reputational damage, injuries, or worse.
Nevertheless, nearly one-third of respondents to HID’s October 2024 “Securing the Future of Healthcare” survey said they were neutral to extremely dissatisfied with their hospital’s current security measures. Another 45% reported they were only somewhat satisfied. The most significant barriers to doing something about it and upgrading their physical security? Cost was cited by 74% of survey respondents. Other reasons include lack of executive support (31%) and belief that physical security is not a high priority (24%).
There are, however, many early adopters who are deploying the kinds of solutions that help mitigate threats before they intensify.
For instance, physical ID badges and lanyards, along with other traditional access control methods, still play key roles in hospital security strategies. They are used to visually identify visitors while also preventing unauthorized individuals from accessing sensitive areas or data. These physical security approaches are increasingly being augmented or even replaced by mobile and biometric authentication credentials. The HID survey found that more than a third of healthcare facilities, especially in large urban areas, now use biometric authentication, and 11% have adopted facial recognition technologies.
Another development is the integration of facial recognition and artificial intelligence (AI)-driven surveillance. Healthcare facilities that add these layers are using them to track and manage those entering and making their way through various areas of the healthcare facility. These systems can be used to flag unauthorized people, track unusual movements and behavior, and help security teams respond immediately to potential breaches.
Many facilities are also adopting automated, rather than manual, security. In our survey, 56% of respondents said their automated alert systems provide real-time alerts about potential threats and can trigger responsive actions before the situation escalates.
These automated alerting systems are often augmented with duress badges that enable hospital employees to discreetly signal distress by pressing a button on their ID badge. They are similar to panic buttons but offer the advantages of being inconspicuous and, when integrated with real-time location systems (RTLS), capable of triggering a more proactive security response with pinpoint accuracy. Fifty-three percent of HID’s hospital security survey respondents foresee moving to these types of automated security responses and 33% are now planning adoption.
Defining Success
As the healthcare industry moves from physical to digital identity management solutions, they are also taking a more integrated, multi-layered approach, blending physical and cybersecurity measures. They are balancing digital solutions with ID badges and other traditional visual identification methods that are still vitally important in many parts of the healthcare facility.
A successful transition to this multi-layered, future-proofed security framework will enhance patient care and improve the hospital experience. It will make employees safer, enable the hospital to better manage visitors, streamline workflows, and enable healthcare facilities to prevent unauthorized access to sensitive areas by detecting and responding to potential threats in real-time.
Almost 70% of HID’s survey respondents foresee a future where cyber and physical security challenges are addressed simultaneously to mitigate potential risks in both environments. With this approach and ongoing investments in further improving this resilient, multi-layered security foundation, healthcare administrators can better protect valuable data and other assets while forging a safer future for patients, staff, and visitors.
MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to MSSPAlert.perspectives@cyberriskalliance.com.
