One of Los Angeles County’s busiest emergency departments is located at Martin Luther King Jr. Community Hospital.
It was one of just three Los Angeles hospitals to obtain the Health Care’s Most Wired award, which recognises excellence in a hospital’s use of information technology, after it opened in 2015. ASIS International also presented the hospital with an Outstanding Security Performance Award.
THE ISSUE
Malicious actors are increasingly focusing on healthcare networks due to the rise in ransomware attacks, cybersecurity problems, and data breaches.
According to Mark Reed, director of support services at Martin Luther King Jr. Community Hospital, whilst also continuing to work with the IT team to identify potential security advancements to safeguard personal identifying information and protected health information, they recognised their IDF and server rooms were susceptible to a physical breach.
He continued, if someone broke into a data-sensitive sector, one would have exposure to everything. Let’s say malicious individuals gain access to a hospital’s data centre. In such circumstances, it is crucial that users secure their physical areas through improved access control as they have access to the inner workings of the entire firm.
In response, hospital administration carried out a thorough risk analysis and found that the facility required more stringent security measures for its IT system and other sensitive locations. The ID badge-based admission system, though, raised questions about potential risks and weaknesses in the event that ID credentials were misplaced or stolen. As a result, Reed explained, they pursued biometric security and access control solutions to compliment the existing access control solution offered by AMAG Technology Symmetry Access Control in order to increase the security posture.
THE PROPOSAL
To strengthen on-site security, hospital administration and security staff began studying various biometric-based access control systems. They recognised they needed a solution that would help them achieve their security goals and protect their people.
They determined that the vendor Alcatraz AI best met their requirements.
Alcatraz AI, according to Reed, exhibits a remarkable rate of success for its authentication. The hands-free face authentication approach had very few limitations, such as soiled fingerprint readers or malfunctioning sensors that affected other security devices.
The fact that facial authentication followed a routine that many people currently use to activate their phones appealed to the employees as an access control mechanism, he continued. The technology proved familiar, simple to use, and efficient; as authorised personnel reached a door, it instantly unlocked, resulting in a seamless workflow that satisfied security and functional needs. The hospital was pleased with the results after testing the product and evaluating its efficacy.
CONQUERING THE STRUGGLES
The Rock, a vendor’s product, was tested at the security operations centre of Martin Luther King Jr. Community Hospital. The most sensitive or classified systems and security employees are housed there, enabling staff to test The Rock for five months. Reed said, they did everything to make the machine break. People tried to deceive the authentication by hiding their faces and using other techniques, but the system was flawless.
The security team installed it in the sensitive spaces, notably IDF closets, server rooms, and other hospital sites where private data or crucial technology are housed, after utilising it every day for five months, he added. As more employees used The Rock, the team started getting requests from other employees to install The Rock in other places since it improved access control procedures and streamlined workflows.
According to Reed, The Rock is now completely connected with their AMAG access control system and AML systems. The procedure is simple.
THE RESULTS
According to Reed, The Rock tightened security in vulnerable places and assisted in making sure there were no security lapses at the hospital. The additional security measures helped make data protection an extension of the patient care mission because even one breach would be catastrophic for activities and patients, he continued.
Notably, he observed, the system hasn’t experienced any downtime since The Rock was installed, and it’s functioned with 100% dependability, making it a key component of their comprehensive security operations.
It also assisted them in obtaining HITRUST Certification, which confirms that a company has gone through a thorough review of its information security procedures. For applying necessary administrative, technical, and physical protection, the programme provides prescribed and quantifiable criteria and objectives.
HITRUST is widely regarded in the industry as a best practise for healthcare systems conforming to the highest data security requirements, but it does not substitute or supplement HIPAA compliance processes.