From “Weapons in the Workplace”
Security Management (03/18) Sorrells, Eddie. Posted by ASIS.
For most private employers, the issue of guns in the workplace is complex. There is currently no U.S. federal law regulating weapons at private workplaces, and while many state legislatures have taken up the issue, these laws vary in terms of their restrictions and make it difficult for employers operating in multiple U.S. states to implement one overarching weapons policy. By understanding the legal landscape surrounding firearms on work property, and establishing policies within the employers’ legal rights that properly address workplace violence, security professionals can help ensure a safe work environment without infringing on the legal rights of their employees. Notably, 23 states have some form of “parking lot laws” that allow employees to have firearms in their locked, private vehicles while parked on company-owned property. Meanwhile, more lawsuits can be expected regarding employee termination based on gun-free workplace policies. Florida, for example, passed a law in 2008 that prohibits employers from discriminating against any worker, customer, or invitee for exercising the right to keep and bear arms. Policies on workplace violence should include a thorough explanation of state law regarding guns on workplace property and outline how to respond to employees who are potentially violent. When firing any individual considered to be high-risk, companies should consider providing a security escort to the parking lot. Organizations should also train security officers in the use of de-escalation techniques. Finally, for workplaces that must comply with parking lot laws, organizations may consider increasing security in parking areas, such as adding an access control point, conducting patrols, installing video surveillance systems, and implementing proper lighting.
From “Massachusetts Hospital Makes Security Changes After Nurse Stabbed 11 Times”
Campus Safety Magazine (09/27/2017) Brennan, Amy
Harrington HealthCare System’s Southbridge, Mass., hospital began implementing new security measures in September following the June stabbing of a nurse by a former patient. Elise Wilson was working as an emergency room nurse on June 14 when 24-year-old Conor O’Regan stabbed her 11 times. Doctors say Wilson almost died from tremendous blood loss. Investigators say O’Regan picked Wilson at random and was seeking revenge for what he considered to be unsatisfactory treatment at the hospital three weeks prior for a wrist injury. He told court physicians that he heard voices telling him to “be a warrior.” Hospital administrators say the new security measures include limitation of visitors in emergency departments and mandatory bag searches at Harrington’s Southbridge and Webster locations. Each patient in the emergency departments will be limited to two visitors. Added public safety officers will manage visitors as they arrive. Public safety officers will also now carry batons, pepper spray, and handcuffs. “There are very strict guidelines and circumstances under which these tools would be used, and that is being communicated during the training being taken by our Public Safety Department,” says Harrington vice president Harry Lemieux. Many hospital employees, including public safety staff, will participate in de-escalation training and defensive tactics. On-site training and drills will also be rolled out with department and building-specific protocols. Two walk-through metal detectors have also been placed at emergency room entrances and additional security cameras and panic buttons have been installed throughout the hospital.
From “Mitigating Active Shooter Risks”
PropertyCasualty360 (08/16/17). Posted by ASIS.
Security professionals should prepare their companies for the possibility of an active shooting, as the number of incidents involving active shooters has risen steadily over the last 15 years. Keith Plaisance of Global SHE Solutions says implementing an active shooter program is similar to preparing for a fire drill, and survival depends on having a plan with three specific options: run, hide or, fight. Preparing for an active shooter scenario involves the development of a workplace violence policy and plan, emergency response plans, training, and exercises. For the workplace violence policy, the employer should establish acceptable workplace behavior, affirm the company’s commitment to take action and provide a safe workplace for employees, and address physical violence as well as threats, bullying, harassment, and weapon possession. Plaisance says a reporting mechanism should be in place letting employees know who to approach with concerns. He also recommends creating a threat assessment team within the company. Companies should test plans to determine effectiveness and identify potential problems, presenting plans to employees in regular training. Companies should also conduct a detailed physical security assessment, with the goal of denying unauthorized access and protecting property, personnel, and operations.
From “Microsoft PowerPoint Used as Attack Vector to Download Malware”
Neowin (08/15/17). Reposted by ASIS.
From “Fears of Hackers Targeting U.S. Hospitals, Medical Devices for Cyber Attacks”
ABC News (06/29/17) Harris, Dan; Kapetaneas, John; Zepeda, Robert; et al. Posted by ASIS.
Hospital computers and medical devices are potentially vulnerable to hacking, according to cybersecurity experts. Among the U.S. computers affected in the Petya ransomware attack that quickly spread to countries around the world Tuesday were hospital computers. Last month, the WannaCry ransomware shut down 65 hospitals in the United Kingdom, affecting not just computers but storage refrigerators and MRI machines, and last January, Hollywood Presbyterian Hospital in Los Angeles paid out $17,000 after hackers took control of its computers. To combat this problem, doctors, security experts and government employees recently converged at the University of Arizona Medical School in Phoenix to witness the first-ever simulated hack of a hospital. “Anything that is plugged in,” whether it has a Wi-Fi connection or not, can be vulnerable to hacking, and lots of medical devices, such as pacemakers and ventilators, are connected to the Internet for the benefit of the patients, says Dr. Jeff Tully, a pediatrician and self-proclaimed hacker who organized the event and staged the cyberattack with Dr. Christian Dameff, an emergency medicine physician. Cybersecurity expert Josh Corman, who recently served on a congressional task force for the U.S. Health and Human Services Department to investigate health care systems, said these systems are easy to hack because often the computers are running “on very old, unsupported systems.” Also, hospitals need to invest more in qualified cybersecurity personnel. Corman’s team conducted a yearlong investigation and found that at least 85 percent of hospitals do not have a single qualified [cyber]security person on staff.
From “Violence Against Health Care Workers Captures Regulators’ Attention”
Business Insurance (04/26/17) Gonzalez, Gloria. Reprinted by ASIS.
The U.S. Occupational Safety and Health Administration (OSHA) is “paying close attention” to workplace violence against health care workers, according to Safety National Casualty Corp.’s Mark Walls. In 2015, there were more than 11,000 violent incidents against employees in the health care and social assistance sector — a number that is nearly as high as all other industries combined. The California Division of Occupational Safety and Health Administration Standards Board unanimously adopted the first workplace violence prevention standard for health care workers in the United States last year, with the standard taking effect April 1. General acute care hospitals, acute psychiatric hospitals, and special hospitals must report incidents of workplace violence at their facilities to Cal/OSHA. The safety regulators are then required under Senate Bill 1299 to post a report each January on the total number of incidents reported, the names of the hospital facilities, the outcomes of inspections or investigations, the citations levied against a hospital based on a violent incident, and recommendations for the prevention of violent incidents in hospitals.
From “Workplace Violence: Prevention and Response”
CSO Online (03/08/17) Wackrow, Jonathan. Reprinted by ASIS.
Almost 2 million Americans are the victims of workplace violence every year. The Occupational Safety and Health Administration says that corporations spend over $36 billion each year on remediating the after effects of such incidents. Studies have shown that training and implemented policies to prevent threats and violence significantly decrease the incident rate. The best risk management strategy includes a combination of sound protocols, access to expert professional resources, and quality insurance coverage. The most effective prevention methods identify and address potential problems early. Workplace violence generally breaks down into four broad categories: violence by unknown individual with criminal intent, violence by known customer, violence by employee, and violence by associated party. Organizations should also implement a hiring process that emphasizes pre-employment screening and background checks. Understanding the risk factors can also prove extremely beneficial. In the event of an incident, crisis response plans are most effective when tailored to the needs and resources of a particular employer and workforce.