Security problems and criminal activities have been a problem for private hospitals for a long time. There have been a variety of security problems that result in massive losses to the hospital authority as well as the families of the patients. These problems must be solved immediately to prevent the losses as well as reduce criminal activities in hospitals to as much as possible. With the rapid growth of private hospitals in the last few years, the issues have also grown (York and MacAlister 2015). The hospital authorities promise best quality of services but most of them are not aware of all the issues that are related to hospital management. As a result, they do not take necessary steps to solve these issues before they grow to be major threats. Although the private hospitals boast of latest surveillance techniques, in reality, it is the fault of the surveillance system that results in the unethical and criminal activities in the hospital premises. Almost all private hospitals have installed surveillance cameras within the hospital premises to monitor entry and exit of people. Again, cyber issues arise due to lack of sufficient and strong firewall in the information server of the hospital. The hospital information system contains a huge amount of confidential information including personal details of the patients
In this report, the security issues in private hospitals have been discussed in detail and possible preventive measures have been analyzed.
Rise of Private Hospitals and the Associated Issues
In the last two decades, a large number of private hospitals have grown up throughout the world. This is mainly because the government hospitals do not provide the quality of services to the patients as they used to. The private hospitals – although extremely expensive – provide prompt and high quality services (Lian, Yen and Wang 2014). Moreover, they have upgraded their ICT setup in order to reach the patients even better and provide services 24*7. Further, they maintain clean and well-monitored premises in the hospital buildings. However, in spite of these, the private hospitals face a number of security issues. The most common issues are discussed as follows.
Security of Sensitive Areas – This issue is related to the security of sensitive hospital areas like birthing center, nuclear medicine, emergency wards, pediatrics, psychiatry, surgical and food services. In many hospitals, there have been reported massive unethical activities in these areas that vary from food poisoning, capture of picture of a woman giving birth, deliberate prescription of wrong medication for disrupting a surgery event thereby risking a patient’s life (Collins, Ricks and Van Meter 2015). Although the private hospitals have several surveillance tools, unethical people manage to conduct these activities with or without the help from internal employees and staffs. In the last few years, these activities have considerably increased even with improvement of hospital securities. The development of the internet has further aided these issues – as anyone can contact anyone from anywhere. Hence, an unethical worker inside the hospital can get instructions while on the duty to perform some unethical activity and the contact will go undetected. Again, selling of the women pictures have been much easier as the unethical photographer can easily transmit the pictures from inside the hospital to anywhere through the internet (Lee, Alasaarela and Lee 2014). Moreover, these pictures can be leaked online in the internet causing a great deal of wrong impression and society’s wrath on the targeted women. For these purposes, hospitals are easy to exploit and bribing of the hospital staffs and workers help to further get into the sensitive departments of the hospitals.
Access Issues – This is a glowing instance of rising criminal activities in hospitals. This mainly includes abduction of newly born children from the hospital premises. This is an extremely serious and growing issue as thousands of babies are abducted from hospital premises every day all over the world (Mumcu et al. 2014). In spite of active security systems, the criminals manage to abduct the babies from the birthing wards. Again, due to almost open access, other criminal activities like theft, assault, rape and others are not uncommon in the private hospital premises. After some in-depth analysis, it has been found that the access issues happen because of some internal employees or some people related to the organizational structure of the hospital. Hospital is a place where the sick and injured people are treated back to normal health using specific medications and intensive medical care. However, some unethical people disrupt medical services in the hospitals for monetary gain. These people range from individual low class thieves to high category large gang of traffickers that are also connected to the dark world. The small time thieves enter the hospitals to steal money or newborn babies that they will use as street beggars in the future (Feng, Onafeso and Liu 2015). On the other hand, the mafia-linked high class thieves steal babies for trafficking as well as spread some diseases through biological poisons in order to create an artificial epidemic. From this epidemic, many medical manufacturers can profit as the sales of their medicines increase significantly. Hence, the access issue in the hospitals is much more serious than one can imagine and is a huge threat to mankind.
IT Security – With any advanced IT and ICT setup comes the cyber security threats. In order to connect the information centre of the company to the outside world, the whole database in the server is connected to the internet. Although several measures are taken to prevent the issues, cyber attacks continue to happen (Top, Akdere and Tarcan 2015). The unethical hackers use some strong hacking tools to break into the information database and steal confidential information like personal details of a patient, medical records of the patients, financial status of the hospital and others. All these data and information are either used for ransom or for medical assault on a particular patient. Medical assault refers to the event when some unknown person mixes something with the patient’s medication that results in allergic outburst of the patient that can also be fatal for the patient. This issue is similar to the one discussed under the previous header (D’Angelo 2016). However, the main IT security threat lies in the information system setup of the company. Once the internal server of the organization is compromised, all the confidential information and data of the hospital are leaked. Some recent studies have suggested that healthcare is the most vulnerable industry against cyber security threats. This is because, the private hospitals provides less attention towards IT security as they mainly deal with medical services to the patients. As a result, the information system server is kept weak and vulnerable to the attacks. Beside hackers, another main IT security threat is the ransomware. It is a specially dedicated software that enters into the server and strongly encrypts all the important documents stored in the server. These encryptions are almost unbreakable unless provided decryption keys. Using this opportunity, the ransomwares demand huge amount of ransom from the users and provide a fixed deadline (Kwon and Johnson 2014). With each day, the ransom amount increases significantly until the deadline. After the deadline is over, the files are permanently deleted by the ransomware. The amount of these ransomwares are extremely high (millions of dollars) and must be paid in digital currencies or bit coins. These ransomwares are extremely dangerous threats and all the data and information are lost from the system. Moreover, even if the files are recovered by paying ransom, the hospital loses a huge amount of money. Hence, the information system setup of private hospitals must be secured immediately in order to avoid these ransomwares and malwares at any cost.
Different medical researchers have analyzed the recurring issues in the private hospitals and have identified several reasons behind the recurrence of these issues on a frequent basis. These reasons are as follows.
Inappropriate Surveillance – Although the private hospitals boast of latest surveillance techniques, in reality, it is the fault of the surveillance system that results in the unethical and criminal activities in the hospital premises. Almost all private hospitals have installed surveillance cameras within the hospital premises to monitor entry and exit of people. However, the main flaw in this system is that there are almost no personnel available to monitor the activities (Mosadeghrad 2013). The security cameras record every activity and play live video on a TV in the monitoring room. However, someone has to be present to watch over the activities. On the other hand, it has been seen that the appointed staffs ignore their work and do something else or there are no staffs for monitoring process. With the massive rise of private hospitals and increasing human diseases, more and more patients are admitted to the hospitals. Hence, the duties of the surveillance staffs also increase significantly. Moreover, with the patients, a lot of relatives also come to the hospital. In order to manage the crowd, another large group of personnel are appointed by the hospital authority (Patil and Seshadri 2014). As a result, a huge crowd as well as a chaos is created. Due to the huge crowd and heavy duty, most of the security personnel ignore their duties and simply let any person inside the hospital premises. Moreover, in the crowd, individual surveillance is not possible. As a result, there are always lack of sufficient surveillance inside the hospitals. Moreover, due to extreme rush of patients, the hospital authorities cannot provide sufficient attention on the conditions of the surveillance cameras and the devices that are specially dedicated for surveillance.
Unlimited Access – This issue arises from the lack of initiative from the security personnel of the hospital. The security personnel are ordered to check and verify the identities of each and every entrant. However, it is quite frequent that this does not happen and any unethical intruder can easily enter the hospital premises (Yip and Hsiao 2014). Child traffickers enter the hospital premises due to the ignorance of the security personnel and easily abduct newborn children. After some top to bottom investigation, it has been found that these access issues happen due to some interior workers or a few people identified with the hierarchical structure of the healing center. Hospital is a place where the sick and harmed individuals are dealt with back to typical wellbeing utilizing particular meds and concentrated therapeutic care. Be that as it may, some dishonest individuals upset restorative administrations in the healing facilities for financial pick up. These individuals extend from individual low class hoodlums to high classification substantial group of traffickers that are likewise associated with the dim world. The little time hoodlums enter the healing facilities to take cash or infants that they will use as road beggars later on (Stipek 2016). Then again, the mafia-connected high class cheats take babies for trafficking and spread a few infections through organic toxins with a specific end goal to make a artificial pandemic. From this pandemic, many medical manufacturers can profit as the sales of their medicines increase significantly. Thus, the get to issue in the healing centers is a great deal more genuine than one can envision and is a gigantic danger to humanity.
Cyber Issues – Cyber issues arise due to lack of sufficient and strong firewall in the information server of the hospital. The hospital information system contains a huge amount of confidential information including personal details of the patients. This demands strong firewall in the information server in order to control the traffic and block any unauthorized entry into the server (Aldosari 2014). This does not happen and as a result, the hackers easily break into the system and steal information for ransom and other criminal purposes. Again, there are attacks of malicious files that have the ability to change the configuration of the whole system. That changed configurations might be fatal for the systems and the stored documents and files will be beyond recovery. Most of these malicious files come from external flash drives and advertisement emails that have malicious links. Once the user accidentally clicks the link, the malicious files immediately infect the system and then the whole server. There is another type of cyber security threat that is probably the most dangerous of all – Ransomware. Ransomware is a type of cyber attack in which the attacker gets access to some extremely confidential files and immediately locks them with very strong and unbreakable encryption. The attacker then asks for huge sum of money in exchange of decryption of these files (McGlynn 2016). If the user fails to pay that amount within specified time, the files are completely deleted. Once the inside server of the association is bargained, all the classified data and information of the clinic are spilled. Some current reviews have proposed that healthcare is the most defenseless industry against digital security dangers. This is because, the private hospitals provides less attention towards IT security as they mainly deal with medical services to the patients. As a result, the information system server is kept weak and vulnerable to the attacks. Hence, the information system setup of private hospitals must be secured immediately in order to avoid these ransomwares and malwares at any cost.
Based on the analysis results, it is clear that the private hospitals must take immediate actions for minimizing the risks and issues. However, this cannot be done in just one day. It requires proper planning, execution and application (Diab and Ajlouni 2015). Moreover, this will also require some expenses but it will also ensure the safety and security of the patients that avail the services of the hospitals. It is to be kept in mind that it is the matter of life and death for the patients, hence, minimization of the issues must be the topmost priority for the hospitals to ensure safety of the patients.
The suggested approach to prevent all the issues is to establish a Security Operation Center for each of the private hospitals. The sole purpose of these centers will be to manage the security of the hospital. The Security Operation Center will have smaller departments – for management security, physical security, surveillance security and cyber security. Moreover, this center should be operating 24 hrs everyday in order to continue strong surveillance that will help prevent the risks associated with the private hospitals. However, there will be several parts of duties for which, this operation centre will be responsible. The proposed security option center should have the following features that will ensure and boost the security of the private hospitals.
Inter-Departmental Communication – This is an essential factor in maintaining a close relationship between the departments in terms of security. If a suitable communication system can be set up in the hospital, the departments will be able to coordinate with each and solve security issues easily. Again, if one department gets too busy with patients, operations and others, the other departments can watch and keep security of that department easily. If all the departments of the hospital can work as a single unit, the security system of the hospital will be enhanced significantly (Cortese and Smoldt 2016). For this, a suitable communication is to be set up. This can be done by linking all the servers of the departments with a common communication server that all the internal employees will be able to access.
Figure 1: Layout for Security Operations Center
(Source: Richman 2014)
Remote Access Facilities – In the proposed system, remote access facilities should be provide that will enable the management team to keep watch on the activities inside the hospital from a different location. Moreover, with remote access facility, the management team members can also easily communicate with the in situ employees regarding security enforcement inside the hospital premises (Sultan 2014). Remote access will also help the management team to access specific documents stored in the internal server of the hospital management. This will help them to secure the files if they are not secured already.
Fixed Bandwidths and Servers – It has been seen that many employees and workers prefer to listen to music during off hours or breaks. However, if any bandwidth of waves are allowed through the server, many malwares can easily enter into the system and harm the server. Hence, the bandwidths should be fixed so that only the required streams are allowed and unwanted streams are automatically filtered.
Internet Traffic Control – This is the most important part of the proposed security model for the private hospitals. As discussed previously, the information systems in the hospitals are very vulnerable to cyber security threats. In order to solve the problems of these threats, there are many anti-virus softwares and security firewalls that ensure the securities of the information systems. It is highly recommended that the hospital authorities should use these softwares to increase the securities of their information systems (Furht and Agarwal 2013). However, it has been seen that these softwares are now not sufficient to prevent high powered attacks that can break through the internal resistance into the system and directly reach the internal server. Hence, a suggested solution is the internet traffic control. In this system, there will be a filter for controlling the traffic that comes from the internet. Using internet, any website can be opened from any location. By controlling traffic, this will not be possible anymore. Some dangerous and harmful sites will have to be blacklisted so that the traffic from these sites cannot enter into the system. This will significantly enhance the protection of the system against cyber security threats. Moreover, this will also prevent access of unwanted websites by the employees of the hospital.
Figure 2: Features of Security Operations Center
(Source: Richman 2014)
Physical Security – Finally, the physical security system should be enforced. More coordinating security team will have to be appointed who will take more care for surveillance and security of the hospital. The identity of the person must be verified before he is allowed to enter the hospital (Moe 2016). Again, there should be time limit for someone to stay inside the hospital and to maintain that, a log book can be prepared that will contain the times of entry and exit of each individual inside the hospital premises.
Conclusion
In this report, the security issues in private hospitals have been discussed and possible preventive measures have been analyzed. Security problems and criminal activities have been a problem for private hospitals for a long time. There have been a variety of security problems that result in massive losses to the hospital authority as well as the families of the patients. Hospital is a place where the sick and injured people are treated back to normal health using specific medications and intensive medical care. However, some unethical people disrupt medical services in the hospitals for monetary gain. These people range from individual low class thieves to high category large gang of traffickers that are also connected to the dark world. The small time thieves enter the hospitals to steal money or newborn babies that they will use as street beggars in the future. On the other hand, the mafia-linked high class thieves steal babies for trafficking as well as spread some diseases through biological poisons in order to create an artificial epidemic. From this epidemic, many medical manufacturers can profit as the sales of their medicines increase significantly. Again, with any advanced IT and ICT setup comes the cyber security threats. In order to connect the information centre of the company to the outside world, the whole database in the server is connected to the internet. Although several measures are taken to prevent the issues, cyber attacks continue to happen. The unethical hackers use some strong hacking tools to break into the information database and steal confidential information like personal details of a patient, medical records of the patients, financial status of the hospital and others. All these data and information are either used for ransom or for medical assault on a particular patient. Based on the analysis results, it is clear that the private hospitals must take immediate actions for minimizing the risks and issues. However, this cannot be done in just one day. It requires proper planning, execution and application. Moreover, this will also require some expenses but it will also ensure the safety and security of the patients that avail the services of the hospitals.
Based on the discussion and analysis, following recommendations can be provided.
Physical Security – In spite of active security systems, the criminals manage to abduct the babies from the birthing wards. Again, due to almost open access, other criminal activities like theft, assault, rape and others are not uncommon in the private hospital premises. After some in-depth analysis, it has been found that the access issues happen because of some internal employees or some people related to the organizational structure of the hospital. Hospital is a place where the sick and injured people are treated back to normal health using specific medications and intensive medical care. Hence, the physical security system should be enforced. More coordinating security team will have to be appointed who will take more care for surveillance and security of the hospital. The identity of the person must be verified before he is allowed to enter the hospital.
IT Security – In order to connect the information centre of the company to the outside world, the whole database in the server is connected to the internet. Although several measures are taken to prevent the issues, cyber attacks continue to happen. However, the main IT security threat lies in the information system setup of the company. Once the internal server of the organization is compromised, all the confidential information and data of the hospital are leaked. Beside hackers, another main IT security threat is the ransomware. It is a specially dedicated software that enters into the server and strongly encrypts all the important documents stored in the server. In order to solve the problems of these threats, there are many anti-virus softwares and security firewalls that ensure the securities of the information systems. It is highly recommended that the hospital authorities should use these softwares to increase the securities of their information systems. Hence, a suggested solution is the internet traffic control. In this system, there will be a filter for controlling the traffic that comes from the internet.
References
Agaku, I.T., Adisa, A.O., Ayo-Yusuf, O.A. and Connolly, G.N., 2014. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. Journal of the American Medical Informatics Association, 21(2), pp.374-378.
Aldosari, B., 2014. Rates, levels, and determinants of electronic health record system adoption: A study of hospitals in Riyadh, Saudi Arabia. International journal of medical informatics, 83(5), pp.330-342.
Boric-Lubecke, O., Gao, X., Yavari, E., Baboli, M., Singh, A. and Lubecke, V.M., 2014, June. E-healthcare: Remote monitoring, privacy, and security. In Microwave Symposium (IMS), 2014 IEEE MTT-S International (pp. 1-3). IEEE.
Collins, P.A., Ricks, T.A. and Van Meter, C.W., 2015. Principles of security and crime prevention. Routledge.
Cortese, D.A. and Smoldt, R.K., 2016. HOW TO MOVE TOWARD VALUE-BASED HEALTHCARE?. Perspectives on Complex Global Challenges: Education, Energy, Healthcare, Security, and Resilience, 1.
D’Angelo, M.S., 2016. NFPA 99 Chapter 13 and healthcare security management. Journal of healthcare protection management: publication of the International Association for Hospital Security, 32(1), p.71.
Diab, S.M. and Ajlouni, M.T., 2015. The influence of training on employee’s performance, organizational commitment, and quality of medical services at Jordanian private hospitals. International Journal of Business and Management, 10(2), p.117.
Feng, X., Onafeso, B. and Liu, E., 2015, October. Investigating Big Data Healthcare Security Issues with Raspberry Pi. In Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on (pp. 2329-2334). IEEE.
Furht, B. and Agarwal, A., 2013. Handbook of medical and healthcare technologies. Imprint: Springer.
Huang, C.D., Behara, R.S. and Goo, J., 2014. Optimal information security investment in a Healthcare Information Exchange: An economic analysis. Decision Support Systems, 61, pp.1-11.
Khan, F.A., Ali, A., Abbas, H. and Haldar, N.A.H., 2014. A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Procedia Computer Science, 34, pp.511-517.
Kwon, J. and Johnson, M.E., 2013, January. Healthcare Security Strategies for Regulatory Compliance and Data Security. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 3972-3981). IEEE.
Kwon, J. and Johnson, M.E., 2014. Proactive Versus Reactive Security Investments in the Healthcare Sector. Mis Quarterly, 38(2), pp.451-471.
Lee, Y.S., Alasaarela, E. and Lee, H., 2014, February. Secure key management scheme based on ECC algorithm for patient’s medical information in healthcare system. In Information Networking (ICOIN), 2014 International Conference on (pp. 453-457). IEEE.
Lian, J.W., Yen, D.C. and Wang, Y.T., 2014. An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), pp.28-36.
McGlynn, E.A., 2016. BIG DATA IN HEALTH AND HEALTH-CARE: HOPES AND FEARS FOR THE FUTURE. Perspectives on Complex Global Challenges: Education, Energy, Healthcare, Security, and Resilience, 1.
Moe, C., 2016. The Water and Sanitation Crisis in Healthcare Facilities in Low-Income Countries: Status, Consequences and Challenges.
Mosadeghrad, A.M., 2013. Occupational stress and turnover intention: implications for nursing management.
Mumcu, G., KOKSAL, L., SISMAN, N., CATAR, R.O. and TARIM, M., 2014. The effect of pharmacy information management system on safety medication use: A study from private hospitals in ?stanbul. Marmara Pharmaceutical Journal, 18(1), pp.1-4.
Naito, T., 2016. Tourniquet use by security officers. Journal of healthcare protection management: publication of the International Association for Hospital Security, 32(1), p.98.
Ondiege, B. and Clarke, M., 2017. Healthcare professionals’ perception of security of Personal Health Devices.
Patil, H.K. and Seshadri, R., 2014, June. Big data security and privacy issues in healthcare. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 762-765). IEEE.
Plachkinova, M., Andrés, S. and Chatterjee, S., 2015, January. A Taxonomy of mHealth Apps–Security and Privacy Concerns. In System Sciences (HICSS), 2015 48th Hawaii International Conference on (pp. 3187-3196). IEEE.
Richman, C.M., 2014. Final Report to the International Healthcare Security and Safety Foundation December 2014.
Stipek, D.J., 2016. SECURE AMERICA’S ECONOMIC FUTURE BY INVESTING IN YOUNG CHILDREN. Perspectives on Complex Global Challenges: Education, Energy, Healthcare, Security, and Resilience, 1.
Sultan, N., 2014. Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), pp.177-184.
Terashima, J.P., Hoffman, K., Fiestas, F., Dongo, V. and McCarty, D., 2017. Potential opioid misuse in the social security healthcare system of Peru. Drug & Alcohol Dependence, 171, p.e168.
Top, M., Akdere, M. and Tarcan, M., 2015. Examining transformational leadership, job satisfaction, organizational commitment and organizational trust in Turkish hospitals: public servants versus private sector employees. The International Journal of Human Resource Management, 26(9), pp.1259-1282.
Yip, W. and Hsiao, W., 2014. Harnessing the privatisation of China’s fragmented health-care delivery. The Lancet, 384(9945), pp.805-818.
York, T.W. and MacAlister, D., 2015. Hospital and Healthcare Security. Butterworth-Heinemann.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download