Addressing risks in the healthcare sector

August 2019 Healthcare (Industry), Security Services & Risk Management

The healthcare sector poses unique challenges and risks. Hospitals, for example, need to have a more-or-less ‘open door’ policy when it comes to people entering the premises and the main reception area. On the other hand, they have to safeguard their patients and limit visitor access to certain times, as well as keep unauthorised people out of areas where pharmaceuticals, expensive clinical equipment, and sensitive patient records are kept.

Mitigation of risk is where modern security and life safety technologies come in, but ZKTeco’s Luki Janse van Rensburg poses the question: how many of these devices are of benefit to the whole industry, including the patients that are admitted to the various hospitals?

“There are various challenges that employees in the health sector must face. Growth of decentralised facilities, standardising security products, cost containment across all physical security systems, employees and patients having a higher expectation of security, and protecting the privacy of patients and their records are just some of those challenges. Consequently much needs to be improved.”

He points out that security needs have also grown with regard to protecting patients’ safety. Finding new ways to balance operating costs, patient expectations and cost-effective security solutions is feasible with a phased plan for technology migration to IP-centric solutions. “Different health sectors have various needs; these may depend on the high reliability and availability of security systems, having more cost-effective security for smaller facilities, a higher level of validated access control in critical areas, and lower operating costs for security.

“One needs to take into consideration all these factors and look for ways that technology systems can improve the various facilities that need customised solutions. With confidential data and potentially dangerous drugs and medical equipment, it can be more of a challenge for the healthcare sector to keep their premises safe than in other industries,” Janse van Rensburg states.

Therefore, he says it is essential for healthcare facilities to search the market, as certain companies have products that enable healthcare facilities to have access control systems, time and attendance devices, etc. that help to ensure only authorised personnel have access to restricted areas of the building. They need to look for companies that can assist them in selecting a system that works with the layout of their premises.

Biometrics to the rescue

Making use of biometrics within a hospital or pharmacy will ensure that security systems are more accurate and safer, says Janse van Rensburg: “Imagine having to deal with very private information and having to allow only a few people access to this information; having a biometric device installed at that restricted part of the hospital or pharmacy will ensure that management knows exactly who has been in that area, when and how long they have been there. Having a biometric time and attendance system can make it easier for hospitals to be able to record the comings and goings of doctors, nurses and staff.”

Thus, such processes will enable the department heads to monitor employees better. One might argue that because biometric machines usually require a fingerprint or thumbprint, or some other unique information needed to identify a person, this can lead to a serious risk of identity theft, but Janse van Rensburg asserts that faking or obtaining fingerprints is virtually impossible, and that one cannot obtain fingerprints from a biometric reader’s storage memory or database on a computer, because these details are encrypted by an advanced algorithm which is virtually impossible to crack.

Any healthcare facility can install a biometric device; it just depends on the level of security required by the hospital or pharmacy. “Biometrics have grown to a point where it is affordable to add biometric-based security to your facility, with no lack in quality or technology,” he states. “Any healthcare facility is the perfect environment for biometrics, and it would be advised that every hospital, clinic, pharmacy and so on does the transition to this technology and level of security.”

The crucial involvement of upper management

As with any other type of business, hospitals are under budgetary constraints and need to be able to establish a strong security posture without overspending. Two companies that work closely together – Connectivity Dynamics (CONDYN) and Secnovate – are jointly of the view that the fundamental building block is the involvement and commitment of the organisation’s executive or board in setting acceptable levels of risk or risk appetite of the organisation and acceptable residual risk that is defined in terms of the assets to be protected. In addition, the executive/board should provide guidance on all security policies, standards, procedures and business processes required to ensure proper risk management.

In the lifecycle of risk management, each identified risk should be assessed in regard to its mitigation strategy and business impact analysis to ascertain whether residual risk is within the parameters determined by the board. A security framework should be established to assist the executive in overseeing this process, as this would be the main means by which the executive/board retains connection with the overall security posture of the organisation and is able to provide the necessary executive direction required to oversee the organisation’s risk and security management process.

CONDYN and Secnovate recommend a multi-level security programme, with assigned actions and responsibilities across the different layers of management, staff, business processes and technologies, to assist with responding to each of the security lifecycle phases of:

• Risk identification, in accordance with ISO/IEC 27005, including a review of the technical and business process architectures for risks and vulnerabilities, vulnerability scanning of the internal systems, external vulnerability scanning and penetration testing, and access control and physical security control review.

Typical examples relevant to hospitals/clinics include the protection of patient and other confidential information (especially in the context of the PoPI Act and its obligations), the management of internal fraud, external cyberattacks on assets, etc.

• Prevention, including security policies, mitigation controls to deal with identified risks, guided by ISO/IEC 27002 or other appropriate standards, event collection and monitoring, etc.

Since human error is associated with the majority (over 90%) of security breaches, the immediate priorities could include providing staff with basic cyber-awareness training, thereby enabling them to become proactive first-line cyber-defenders.

The most common approaches include the protection and management (hardware and software) of endpoints and servers, and the monitoring of information transfer such as through USB drives, printers and others.

• Detection – subject to the implementation of the event collection and monitoring and the establishment of a monitoring team, event correlation and incident detection can be implemented.

• Response and remediation, including elements such as a disaster recovery and business continuity plan, incident response protocols, etc.

Harnessing and integrating technologies

The major problem with having many separate solutions is that a breach (such as data being leaked or shared, or someone accessing the system illegally) may not be discovered until it is too late, CONDYN and Secnovate concur. In addition, the gathering of investigative reports may also be compromised as these may only be accessed through different solutions – resulting in costly delays.

The most effective remedy is to deploy a single, integrated real-time solution that monitors all areas all the time, and that sends alerts out when any risks are detected. Such integrated solutions are available on the market, the companies point out.

There are a variety of information gathering solutions and management platforms available which are capable of addressing physical security within and outside healthcare facilities, and provide valuable information on activity such as visitor movement. These capabilities include video cameras with and without facial recognition, and licence plate recognition – supported in many cases with intelligent software.

There are many solutions available which enable the automation of entry and exit control and the provision of alerts should any unauthorised person attempt to gain access to a facility. These solutions are based on facial recognition and video analytics, and have proven track records in a host of applications.

CONDYN’s fraud and risk management solution can provide healthcare facilities with a range of benefits, including the detection of insider fraud, and assist these facilities with compliance to PoPI Act obligations. The system is capable of detecting abnormal internal behaviour across a wide range of communication and system channels.

The solution protects a company from insiders leaking sensitive data by checking inbound/outbound traffic for compliance with security policies and by controlling the creation, movement and change of confidential documents on local workstations as well as shared locations. It also simplifies the work of the information security department.

The system provides powerful analysis of text, audio, video and graphics, and includes an embedded User Entity Behaviour Analytics (UEBA) component. Software capabilities include:

• Identification of weak spots that could be detrimental to the company. The solution searches for spots where a breach can occur and puts out a potential threat alert before an incident happens, thereby promoting a corporate security culture.

• Information flow and employee activity monitoring. The system controls all the data transfer channels, examines the information stored and moved within the company’s network, captures all the processes and employee activities, and analyses their behaviour.

• Corporate data analysis. Powerful analytics, various search options, automated graphics and audio analysis allow one assigned specialist to monitor thousands of staff members.

• Incident assessment. The system puts out alerts on policy violations and irregular employee activities, helping with investigation of incidents and improvement to security policies to minimise risks.

• Risk management. The software provides a comprehensive approach to internal monitoring. The system facilitates risk management, tracks events as soon as they occur, and runs investigations to prevent them in the future.

• Risk prevention. The system visualises all the events and connections within the company by issuing reports – relational graphs enable the user to detect irregular activities, analyse possible threats, and prevent incidents.

For more information contact:

• CONDYN, +27 12 683 8816, [email protected], www.condyn.net

• Secnovate, +27 83 252 5727, [email protected], www.secnovate.com

• ZKTeco, +27 12 259 1047, www.secnovate.com, www.zkteco.co.za


