Martin Luther King Jr. Community Hospital has one of the busiest emergency departments in Los Angeles County.
It opened in 2015 and is one of only three hospitals in Los Angeles to receive a Health Care’s Most Wired award, which is an authentication of a hospital’s optimal use of information technology. The hospital also was honored with an Outstanding Security Performance Award from ASIS International.
Healthcare networks increasingly have been targeted by threat actors as ransomware attacks, cybersecurity incidents and data breaches all are becoming more common and problematic.
“While working with our IT team to determine possible security enhancements to protect personally identifiable information and protected health information, we recognized our IDF and server rooms were vulnerable to a physical breach,” said Mark Reed, director of support services at Martin Luther King Jr. Community Hospital.
“If someone breached a data-sensitive area, they would have access to everything,” he continued. “Suppose threat actors access a hospital’s data center. In that case, they have access to the inner workings of the entire organization, making it critical that we secure our physical spaces through enhanced access control.”
In response, hospital leadership conducted a comprehensive risk assessment and determined the facility needed increased security controls for IT and other sensitive areas. However, there was concern the ID badge-based entry system introduced new challenges and vulnerabilities if ID badges were lost or stolen.
“Therefore, to enhance our security posture, we sought biometric authentication and access control solutions to supplement our existing access control solution provided by AMAG Technology Symmetry Access Control,” Reed said.
Hospital leadership and security teams began researching different biometric-based access control systems to fortify on-site security. They knew they needed a system that would support their security objectives and people.
They concluded vendor Alcatraz AI best fit their needs.
“The hands-free facial authentication method was incredibly reliable, and it didn’t incur many restrictions, like dirty fingerprint readers or unreliable sensors, that impacted other security products.”
Mark Reed, Martin Luther King Jr. Community Hospital
“For starters, Alcatraz AI demonstrates an incredible success rate for its authentication,” Reed noted. “The hands-free facial authentication method was incredibly reliable, and it didn’t incur many restrictions, like dirty fingerprint readers or unreliable sensors, that impacted other security products.
“At the same time, our staff liked facial authentication as an access control method because it followed a familiar process that many already use to unlock their phones,” he added.
As the hospital tested the product and assessed its efficacy, it was happy with the results. The technology proved familiar, easy to use and effective. As authorized personnel approached a door, it automatically unlocked, creating a seamless workflow that met security and functional needs.
MEETING THE CHALLENGE
Martin Luther King Jr. Community Hospital piloted the vendor’s technology called The Rock, which it installed in its security operations center. This space houses the most sensitive security technologies and security teams, allowing personnel to test The Rock for five months.
“We tried everything to cause the machine to fail,” Reed explained. “People obscured their faces and used other maneuvers to trick the authentication, but the system worked flawlessly.
“After using it every day for five months, our security team deployed it to our sensitive rooms, including IDF closets, server rooms and other hospital locations where private data or critical technologies are stored,” he continued.
As more staff interacted with The Rock, the team began receiving requests from other staff members to install The Rock in other areas because it simplified workflows and enhanced access control practices.
“Now The Rock is fully integrated with AML systems and our AMAG access control system,” Reed noted. “The process is seamless.”
The Rock increased security in sensitive areas and helped ensure the hospital did not have any security breaches, Reed reported. A single breach would be devastating to patients and operations, and the added security features helped make data security an extension of the patient care mandate, he added.
“Notably, since installing The Rock, the system hasn’t had any downtime, and it’s operated with 100% reliability, making it an important part of our holistic security efforts,” he said.
“It also helped us achieve HITRUST Certification, which affirms that an organization has undergone a rigorous information security program assessment,” he continued. “The program provides prescriptive and measurable criteria and objectives for applying ‘appropriate administrative, technical and physical safeguards.'”
HITRUST does not replace or substitute HIPAA compliance programs, but it is widely accepted in the industry as a best practice for healthcare networks adhering to the highest data security standards.
ADVICE FOR OTHERS
“Healthcare organizations should consider facial authentication security solutions,” Reed advised. “Be sure to get a demo of what’s available before buying.
“Ultimately, I recommend facial authentication because everyone’s familiar with it,” he added. “When you look at the success that Apple has had with iPhones, it’s comparable technology. When I talk to other hospitals or departments, I clarify that it’s the same thing. People trust their phones, and they can trust facial authentication readers as well.”
Finally, the hospital is HIMSS Stage 7, he noted.
“We were encouraged to push and have the best, most updated technology to improve our patient, staff and hospital experience,” he concluded. “Whether adopting electronic health records or enhancing our security solutions with facial authentication, we recognize that the right technology can be the key to improving outcomes across the board.”