It’s critically important for hospitals to keep their physical security devices up and running and secure. The consequences of downtime and/or cyber compromise can be catastrophic for both physical and cyber security.  While IT and Cyber teams have tools to monitor and I secure medical and IT devices, these tools are not designed to monitor and manage physical security devices effectively. In this article, we’ll explore why – and what it actually takes to keep hospitals’ physical security devices operational and cyber-secured.

Management of a heterogenous fleet

Part of the problem with using IT or Cyber tools to manage hospitals’ physical security devices stems from the tremendous variety and complexity of those devices and their ecosystems. Physical security fleets are often made up of different types of devices from multiple manufacturers and even different models.

Physical security: A complex ecosystem

Unlike in the IT world, physical security devices and systems don’t have industry-wide standards. To manage all of these devices efficiently, a management tool would have to accommodate each device’s protocols and any APIs they use – a capability that IT tools don’t typically have.

While IT tools may provide basic information on device availability and relevant network issues, they have minimal insight into the operational status and health of physical security devices. The complexity of the physical security ecosystem mandates different management capabilities than IT. 

Additionally, when technical issues arise, these tools can’t give hospitals the full picture for root cause analysis. And they can’t help them plan ahead – a critical capability when it comes to budgeting and replacing devices as they pass their end of service. 

The key to effective physical security management

To minimize downtime, stay safe from cyberattacks, and meet HIPAA requirements, physical security teams should look for automated and remote capabilities that make their jobs easier while upholding all security standards. 

These tools should be designed for their environment and their unique challenges:

1. Get complete visibility into all your inventory

What devices do you have? Are they running consistently? If not, what is the root cause of the issue? What vulnerabilities need to be addressed? Visibility into these areas is a great starting point for a systematic approach to seeing the big picture. 

2. Automate tasks that are manual and time-consuming

Automation can help you maximize your return on investment, reduce downtime, and streamline your workflow.

Track password strength and rotation

Make sure to change any device’s default password and use long, complex, and difficult-to-crack passwords. Consider 64-character passwords, for example, even if less are required. Enforce password rotation policies. Leaving old passwords in place means that people who shouldn’t be able to access devices, such as former employees, contractors, and vendors, can still see information they shouldn’t.

Patch known vulnerabilities 

Given the high cost of data breaches in the healthcare industry, it’s essential to update firmware across your connected physical security systems. It’s also important to document your vulnerability management and patching processes for compliance purposes.

Monitor End of Service (EOS) dates

Make sure that:

• All your devices are replaced before they reach end of service
• There are no gaps in coverage 
• You have the budget to replace all obsolete devices

Stay on top of certificate rotation

Rotating certificates helps prevent outages. Tracking these certificates highlights upcoming expirations and out-of-date issues. Implementing proactive certificate management can mitigate these risks significantly.

3. One dashboard across devices, systems, and sites

To realize the benefits of automation, look for solutions that can manage your physical security fleet holistically, independent of model or manufacturer, and across your entire ecosystem of devices and management systems. 

For example, if you can restart devices remotely, you could eliminate the need for roughly 70% of the truck rolls related to physical security devices.

4. Enable seamless collaboration with IT

Collaboration between all technologies and all teams involved in managing physical security devices, including IT and physical security teams, leads to quicker response time and faster resolution. It’s essential to be able to visualize and analyze the status of all your physical security devices and to share that data across teams. This requires seamless integration with third-party platforms, including a hospital’s ticketing system, as well as the rest of its cybersecurity stack.

So, what would a remake of an  IT tool designed for physical security look like? Find out in our on-demand webinar with Salient.