Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Caroline Ramsey-Hamilton

77-Year Old Man in a Senior Care Retirement Home Fatally Shoots One Firefighter and Injures Another in Long Beach, California

RISKAlert Report # 1149         Updated:  June 27, 2017                                                    Long Beach, California

A 77-year-old retirement home resident identified as Thomas Kim, has been accused of intentionally setting a fire Monday morning to lure first responders to the facility.  After the firefighters entered the Home and
put out the fire, Kim fired on the men, killing one firefighter and wounding another.

It’s the first time we have seen anything like this said, Mike Duree, Long Beach Fire Chief..

Around 4 a.m. Monday morning, firefighters Capt. Dave Rosa and Ernesto Torres responded to reports of a fire, followed by an explosion and the smell of gasoline, at the Covenant Manor senior care facility, Duree said. As they approached the high-rise building, the firefighters noticed that the windows of one unit had been blown out and that the sprinklers were on.

After extinguishing the fire, Rosa and Torres remained inside the building to investigate the gas smell and explosion, the chief said. Ten minutes later, gunfire erupted and police received reports of an active shooter. Rosa, a 45-year-old veteran of the Long Beach Fire Department, was killed in the attack. Torres and another man, a civilian resident of Covenant Manor, were injured and taken to a local hospital.

Long Beach Police arrested 77-year-old Thomas Kim, who lived in the facility, in connection with the fire and the shooting.

They booked Kim  on suspicion of murder, as well as two counts of attempted murder and arson, and is being held on $2 million bail.  It is not known about where he got his weapon and how he started the high-rise fire.

Not much was immediately known about Kim, police said he was arrested years ago for auto theft and that detectives are looking into reports of erratic past behavior.  His family said that they were stunned to find out the suspect was alive, living in Long Beach, and was a suspect in the murder and arson investigation.


LESSONS LEARNED:

  1. Retirement facilities should institute a No-Weapons Policy for Residents. 
  2. Firefighters place themselves in danger every day, but didn’t expect to encounter
    a killer in the retirement home!
     


    THANKS FOR READING THE RISKAlert Report
    ©For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com 
    We provide the best Active Shooter and CMS Facility Risk Assessments & Training Programs. Find out more at  www.riskandsecurityllc.com.



FEDERAL JUDGE RULES FOR OCR, FINES MD ANDERSON $ 4.3 MILLION DOLLAR FINE FOR MAJOR HIPAA VIOLATION INVOLVING UNENCRYPTED STOLEN DEVICES AND 33,000 PATIENT RECORDS

In the ruling, the Judge found that The University of Texas MD Anderson Cancer Center (MD Anderson) violated the HIPAA RULE for Privacy and Security Rules and granted summary judgment to the Office for Civil Rights (OCR) on all issues, requiring MD Anderson to pay $4,348,000 in civil money penalties to OCR. The $4.3 million dollar fine is the fourth largest amount ever awarded to OCR.

MD Anderson is an academic institution and a comprehensive cancer treatment and research center located at the Texas Medical Center in Houston.  OCR investigated MD Anderson following three separate data breach reports in 2012 and 2013 involving the theft of an unencrypted laptop from the residence of an MD Anderson employee and the loss of two unencrypted universal serial bus (USB) thumb drives containing the unencrypted electronic protected health information (ePHI) of over 33,500 individuals.

OCR’s investigation found that MD Anderson had written encryption policies going as far back as 2006 and that MD Anderson’s own risk analyses had found that the lack of device-level encryption posed a high risk to the security of ePHI. Despite the encryption policies and high risk findings, MD Anderson did not begin to adopt an enterprise-wide solution to implement encryption of ePHI until 2011, and even then it failed to encrypt its inventory of electronic devices containing ePHI between March 24, 2011 and January 25, 2013.

OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations,” said OCR Director Roger Severino. “We are pleased that the judge upheld our imposition of penalties because it underscores the risks entities take if they fail to implement effective safeguards, such as
data encryption, when required to protect sensitive patient information
.”

LESSONS LEARNED

1.  MD Anderson had written encryption politics going back to 2006, and had identified lack of
encryption as a material weakness in their own risk analysis!

2.  If a HIPAA Risk Analysis identifies a weakness in a critical area like encryption, immediately
start encrypting all electronic devices.

THANKS FOR READING THE RISKAlert Report©
For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com

We provide the best CMS Facility All-Hazards Risk Assessments, HIPAA Risk Analysis, as well as Active Shooter Training,
Workplace Violence Assessments, and Mass Casualty Drills & Training Programs.

www.riskandsecurityllc.com   and   www.caroline-hamilton.com



PARKLAND SHOOTING UPDATE: OF COURSE IT HAPPENED HERE SAID EX-SECRET SERVICE AGENT WHO REPORTED TO THAT MSD HIGH SCHOOL WAS VULNERABLE!

RISKAlert Report Updated:  June 11, 2018                                                           

According to a retired Secret Service agent, Parkland’s Marjorie Stoneman Douglass staff was well
aware of the lack of security as much as 60 days before the fatal shooting took place.  The former agent, Steve Wexler,
was invited to review the high school for security and he reported numerous weaknesses to the MSD staff including:
Gates were unlocked.  Students did not wear identification badges.  A fire alarm could send students streaming into the halls.  Active-shooter drills were inadequate,”  he said.

In addition, he noted, “This stuff is blatantly obvious. You’ve got to fix this,’” Wexler said.  He never
heard from the school again. His recommendations included:

1. School gates should be locked, and students should wear ID badges showing they belong on campus.
The shooter on Feb. 14 was able to get on campus because the gates were opened at the end of the school day.

  1. Active-shooter drills should be routine. After the shooting, some students said they had not been involved
    in drills this year.
  2. Any adult should be able to declare a Code Red to lock down the school. Clark, the school district spokeswoman, said that is the current protocol, but Wexler said he was told an assistant principal notifies the principal, who then makes the call. “That’s a problem,” he said he told the staff. “This stuff happens fast. This playing telephone is no good. By that time we could sit down and have breakfast.”
  3. Schools should not immediately evacuate students for a fire alarm without first confirming there’s a fire. During the shooting, the gunfire set off the smoke alarm, and students fled into the halls, where the shooter could take aim.

    LESSONS LEARNED

    1. If you have a security iny weaknesses identified by an expert – TAKE THEIR ADVICE AND
    fix the issues that were identified!

    2. Liability increases if staff were clearly warned BEFORE an incident that there were
    existing security weaknesses.


THANKS FOR READING THE RISKAlert Report
©

For more information and a free subscription:  write to:  caroline@riskandsecurityllc.com

We provide the best Active Shooter Training, School Security Assessments, and & CMS Facility All-
Hazards  Risk  Assessments, Drills &  Training Programs.

www.riskandsecurityllc.com   and   www.caroline-hamilton.com



Seventeen Killed, Fifteen Wounded in Parkland School Shooting

RISKAlert Report # 1012

 


Update:  February 14, 2018

Parkland Deadly School Shooting 2 miles from me and here’s what I saw for
Valentine’s Day – BULLETS NOT FLOWERS at Marjorie Stoneman Douglas
High School

3rd Deadliest School Shooting in History – called a SCHOOL MASSACRE

I live right next to Parkland, FL and was out shopping at 2:30 when I heard the sirens from about a dozen
police cars and emergency vehicles. They followed the street right by my house, and as soon I got home,
I checked the TV and saw what had happened – another  deadly School Shooting.

Parkland is usually so quiet, just YESTERDAY it was named safest city in the US. Another student said he
knew the kid who had the gun, and that the student had shown him photos of guns on his phone

The shooter, now identified as Nikolas Cruz, was caught in his care close to  the school, and has been
charged in court. Fifteen others are till in the hospital.

I could see the police helicopter from my upstairs window.
So when I do active shooter assessments for healthcare
and other critical organiztions all day, and write about these incidents every day and night.

Here’s the real thing – right next to me!

My kids are out of school, but my hear still stopped, and I wanted to call every parent I know and check on their kids.  I dread seeing the list of the injured. My grandson’s classmate’s father was killed.  He was a coach at the high school.

So now this close knit community has been terrorized and there is no resolution. The person in custody is only
19-20 years old himself, and, accordingly to one of his friends, thought that having guns was ‘really cool’.
Well – it’s not really cool. It’s really horrible, really stupid.

The most aggravating thing about this is: One more time, it’s too late. No access control = high chance of
active shooter. No checking or scanning backpacks and here’s what you get. Dead and injured children
and teachers. 

 

LESSONS LEARNED:

FORGET WHY he did it — WE OWE IT TO OUR CHILDREN TO PUT PREVENTION FIRST!
This can happen anywhere, and it just happened again!

Contact me directly at caroline@riskandsecurityllc.com

THANKS FOR READING THE RISKAlert Report

 For more information and more great content:

www.riskandsecurityllc.com   or   www.caroline-hamilton.com

 Write to info@riskandsecurityllc.com to subscribe or get more
information on  RISKAlerts,  and a new complete Active Shooter-
Workplace Violence Assessments,  Training and Improved Emergency
Preparedness Programs

#ParklandShooting   #ActiveShooter    #SchoolShooting



$ 3.5 Million Dollar Fine for Fresenius Medical Care North America (FMCNA) to settle potential violations of the HIPAA Privacy and Security Rules for FIVE different breaches.

RISKAlert Report Updated: Feb 2, 2018

FMCNA, a German company with US Operations based in  Waltham, Massachusetts, has agreed to pay a hefty $ 3.5 million dollar fine that covers 5 separate HIPAA Violations.

FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. Their facilities include dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitals and post-acute care providers.

US Dept. of Health and Human Services said the company failed to heed HIPAA’s risk analysis and risk management rules. FMCNA is also required to adopt a Comprehensive Corrective Action Plan. DHHS’ Office of Civil Rights,(OCR) investigation into the data incidents found that FMCNA covered entities failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI.

The breaches spanned three states including Florida, Alabama, and Georgia. Each provider had specific
deficiencies and the Agreement calls out each deficiency by provider. You can read the entire Resolution Agreement at https://www.hhs.gov/sites/default/files/fresenius-racap.pdf.

Fresenius Medical Care’s corporate headquarters is in Bad Homburg, Germany. The North American headquarters is in Waltham, Massachusetts and the Asian-Pacific headquarters is located in Hong Kong.

LESSONS LEARNED:

1. All providers need to have a current Risk Analysis that identifies potential threats,
     analyzed solutions, and provides a concrete plan to fix any deficiencies. The Risk Analysis
     must adjust to new threats, such as Ransomware attacks.

2. Covered entities like FMCNA are responsible for all the providers in their network.

THANKS FOR READING THE RISKAlert Report©

For more information and more great content:
www.riskandsecurityllc.com or www.caroline-hamilton.com

For a no-cost subscription, write to caroline@riskandsecurityllc.com



Sutherland Springs Church Shooter Practiced by Shooting Dogs, Fracturing Baby’s Skull- Could it happen at your Church?

Every day more information comes out about the terrible murders by the Active Shooter at the Baptist church in Sutherland Springs, Texas. Since my mother was from Texas, and my father taught Adult Baptist Sunday School for 36 years, this one was personal.

This is a classic case of how the risk of an active shooter is everywhere these days. With so many recent shooting incidents, because it was done in a church, it makes it worse and should encourage all churches to hold active shooter training classes for their congregations.

No question that the shooter was a monster. After uncovering his record for domestic violence and even fracturing his infant’s skull, it turned out he practiced his shooting skills on pet dogs. He bought dogs on Craigslist, or took dogs promising to give them good homes, and then practiced shooting and killing them.

Houses of worship have been adverse to putting in stricter security, because they obviously want to be open and welcoming, but that
doesn’t seem to be possible these days.

A is all about Access Control. Most churches have some kind of vestibule, a sort of anteroom before you actually enter the church. Instead of haphazardly asking people to bring in their guns, maybe it’s time to have a “watcher” in the vestibule, keeping an eye out on who’s entering the church or synagogue.

Most shooters enter their chosen site with guns blazing, not hidden.
Getting back to basics, have some kind of access control is the first step. So keeping them out in the first place is the best option.

Another option might be a few cameras with monitoring station in the church office and someone there to watch before the services to catch someone taking their guns out of their car before they even reach the church or synagogue.  This would be a simple solution because it would only need to be manned before, during and immediately after the services.

Another favorite control, panic alarms can be very expensive and useful for a group shooting situation.  It gives the instant ability to ‘sound the alarm’ and get people down, or even better, out the side door and also gives advance notice to the potential victims.

Assuming we’re not profiling the entire group in advance, the best protection is doing quarterly security facility risk assessments.  These assessments give you a quantitative measure of your risk, including not only looking at the threat level (the threat assessment part of the total assessment), but also reviewing a list of the 50 controls we’ve identified that will enhance security, and looking at the interaction between the highest potential risk, balanced by the offsetting, or preventive controls.

Every terrible incident like the shooting at the Baptist Church in Sutherland Springs should be an opportunity for building a foundation of security awareness in your community or congregation.

TO FIND OUT ABOUT AN ACTIVE SHOOTER PROGRAM FOR YOUR CHURCH
Contact me :   caroline@riskandsecurityllc.com   or info@riskandsecurityllc.com

 



RISKAlert No. 843 March 31, 2016 Patient Dies After 6th Floor Fall from Hospital Room

RISKAlert # 843 -March 31, 2016

Maine patient, hospitalized with a severe brain injury after a motorcycle accident, climbed out of a 6th floor window in the hospital and fell to his death at 5:10 pm on March 29th.

Paul Cady, 43, from Hollis, Maine, had entered the hospital on March 9th, after a motorcycle accident, and had been in a medically-induced coma for a period of time following the accident.  His family emphatically stated he was not trying to commit suicide, but that he was only trying to get home to his family.

Portland, Maine -- 03/30/16 -- Paul Cady, as seen in an undated photo provided by his daughter, Miranda Cady. Paul Cady died Tuesday evening after falling from his sixth story window at Maine Medical Center in Portland. Courtesy photo

In Maine, like other states, newly constructed hospital facilities must meet the American Institute of Architects 2006 general guidelines for hospitals, which doesn’t require windows in patient rooms to be operable.  However, if windows in patient rooms are able to be opened, “operation of such windows shall be restricted to inhibit possible escape or suicide,” the standards state.

Recently, hospitals have recognized the value of fresh air and ventilation, but as a Life Safety issue, the amount that the window opens has been regulated by CMS, the Centers for Medicare and Medicaid.  Studies that shown that windows provide a positive effect on both healing and on patient satisfaction, whether the windows can be opened or not.

Registered Architect Gene Wells of Marshall Erdman & Associates, a leading national health care design and construction firm, offers the following: “In today’s hospital, huge efforts are being made to create a healing environment for patients and their families. A non-institutional approach lessens the stress level for people who already have too much stress and leads to better outcomes. Patient’s rooms, in particular, are often designed to reflect local culture, connect with nature or create a hotel-like environment. Operable windows can be an integral part of this atmosphere.

Lessons Learned:

1.  Patient falls from hospital windows are extremely rare in the United States.
2.  This type of incident can create a potential liability issue for healthcare organizations.

                                       RISKAlerts®  are published by Risk & Security LLC
                                   To subscribe:  write to: 
caroline@riskandsecurityllc.com



RISKAlert November, 2014 Updated Incident Planning for Healthcare Facilities

Incorporating Active Shooter Incident Planning into Health Care Facility Emergency Operations Plans

National preparedness efforts, including planning, are based on U.S. Presidential Policy Directive (PPD) 8: Preparedness, which was signed by the President in March 2011.  This updated  directive represents an “evolution” in understanding of national preparedness based on lessons learned from rom natural disasters like Hurricane Sandy, terrorist acts like the Boston Bombing and active shooter and other violent incidents.

Preparedness is centered in five areas: Prevention, Protection, Mitigation, Response, and Recovery. These concepts are applied to Health Care Facility (HCFs) Planning for active shooters and other violent incidents.

Emergency Operations Plans for Health Care Facilities (EOPs) should be living documents that are routinely reviewed and consider all types of hazards, including the possibility of an active shooter or terrorist incident. As law enforcement continues to draw lessons learned from actual emergencies, HCFs should incorporate those lessons learned into existing emergency plans or in newly created EOPs.

It advises a whole community approach that includes staff, patients, and visitors as well as individuals with access and functional needs. Examples of these populations include children, older adults, pregnant women, individuals with disabilities, etc.

The key concepts include not only familiar concepts like “Run-Hide-Fight” but also concepts on addressing a wider range of risks (threats), how to do drills, improvement of situational awareness activities, expanding the definitions of risks, how to do Psychological First Aid (PFA), and how to integrate these with HIPAA guidelines and Rules and the importance and role of Security in Emergency Operations Planning (EOPs).

Lesson  Learned :    Don’t Wait to Respond!

A 2005 investigation by the National Institute of Standards and Technology into the collapse of the World Trade Center towers on September 11, 2001, found that people close to the floors impacted waited longer to start evacuating than those on unaffected floors.   Similarly, during the Virginia Tech shooting, individuals on campus responded to the shooting with varying degrees of urgency. (ref:  Federal Building and Fire Safety Investigation of the World Trade Center Disaster: Occupant Behavior, Egress, and Emergency Communications.)

            Frequent Security Situational Awareness Training, and Active Shooter –
Disaster Drills can prevent this “frozen” phenomena and save lives in
a violent incident , a terrorist attack, or a disaster scenario.


RISKAlerts are
publications of Risk & Security LLC



Inmate Patient Takes Sheriff’s Deputy’s Gun, Shoots Deputy and Kills Himself

Prisoner Grabs Deputy’s Gun at a West Union, Iowa Hospital,  Shoots Deputy & Turns Firearm on Himself.

At Palmer Lutheran Health Center, a full service hospital in West Union, Iowa, an inmate who was brought from Fayette County Jail on Saturday morning, August 23, at 8:30 am, grabbed the County Sheriff Deputy’s gun and demanded he be released, the deputy used a non-lethal device on the inmate, who then shot the deputy at close range.  The inmate then killed himself with the handgun.

The deputy, who was wearing a bulletproof vest, was shot in the stomach, but was treated and released at the site of the incident.  The inmate, still unidentified, grabbed the gun when one of his hands was released for his medical treatment.

West Union Shooting

LESSONS  LEARNED:

1.   Forensic patients (prisoners) know it’s easier to escape
from the hospital
room, or hospital bed,  than it is to
escape from the County Jail!  Security should be
present to support law enforcement.  One deputy is
a minimum.  Deputy with security officer present is
better.

 

2.   Wearing a bulletproof vest saved the deputy’s life during the incident.  Security officers should
consider having bulletproof vests available when dealing with this type of patient.

According to research in the Journal of Injury Prevention,  “Shootings in U.S. Hospitals 2000 – 2011,
in 23% of shootings within hospital emergency departments, the weapon was a security officer’s gun taken by the perpetrator. https://www.llis.dhs.gov/sites/default/files/FA-gdkelen.pdf

IAHSS (International Association of Hospital Safety and Security),  has policy guidelines for security departments that deal with forensic (inmate) patients.  IAHSS members can access the Healthcare Security: Basic Industry Guidelines at www.iahss.org.

Security managers and hospital management need to make sure that All Hospital Staff including Clinical Staff
Are Warned to Use Extreme Caution When Working with or Near Forensic Patients!


RISKAlert® is a publication of Risk & Security LLC at www.riskandsecurity.com

TO SIGN UP FOR RISKAlerts, send your email address to info@riskandsecurityllc.com

 

Copyright, 2014-2015 – Risk & Security LLC   



Former Nurse Commits Suicide in Hospital Bathroom at Valley View Hospital

RISKALERT INCIDENT REPORT # 574 – Suicide in the Hospital Bathroom

August 6, 2014

Former Nurse Commits Suicide, Fires A Single Shot to the Head, Locked in a Public Restroom at Valley View Hospital, Glenwood Springs, Colorado.

A hospital staff member reported Eric Knurr dead in a bathroom stall a round 11:30 a.m. Monday, morning, August 4, after maintenance had to be called to unlock the door to the men’s restroom off the emergency department. The former male nurse had been formally admonished by state regulators for brushing a patient’s teeth until they bled, and also slapping the patient, who was in restraints at the time of the incident in 2005. He had applied for a job at Valley View Hospital in 2012, but was not hired.  In similar incidents:

  • In January, 2014, a man locked himself in the hospital bathroom at Cherokee Medical Center in Iowa, and committed suicide.
  • In August, 2013,   62-year-old man committed suicide in a public bathroom at the Veterans Affairs hospital campus at Fort Harrison, Montana, after locking the bathroom door and killing himself with a single shot.
  • In August, 2012, a similar incident happened at an Oklahoma hospital when a Oklahoma State University employee committed suicide in a public restroom off the emergency room.


LESSONS LEARNED

(1.)  Hospital staff should IMMEDIATELY report any locked bathroom door in a public restroom.  In several of the incidents, housekeepingdidn’t want to bother securitywhen they found the bathroom door locked, so they waited another two hours before reporting the problem, and by then it was too late.

(2.)  Not having any form of metal detection allows people to bring guns into hospitals, lock themselves in bathroom, and commit suicide.  Metal detectors or wand detectors can prevent a tragedy.

CHECK OUT:
     In December, 2010, The Joint Commission Issued a Sentinel Event Alert on Suicide Risk Outside Psych Units in Hospitals, including medical units, surgical units, and emergency departments.  (http://www.jointcommission.org/assets/1/18/SEA_46.pdf).

“It is noteworthy that many patients who kill themselves in general hospital inpatient units do not have a psychiatric history or a history of suicide attempt – they are “unknown at risk” for suicide.   Compared to the psychiatric hospital and unit, the general hospital setting also presents more access to items that can be used to attempt suicide – items that are either already in or may be brought into the facility – and more opportunities for the patient to be alone to attempt or re-attempt suicide.

“This Alert presents strategies that can be used and suggested actions that can be taken by general hospitals to help better prepare their staffs and their facilities for suicidal patients and to care for both their physical and mental needs. Suicide has ranked in the top five most frequently reported events to The Joint Commission since 1995. The Sentinel Event Database includes 827 reports of inpatient suicides.  Of these events,  14.25 percent occurred in the non-behavioral health units of general hospitals (e.g., medical or surgical units, ICU, oncology, telemetry),  8.02 percent occurred in the emergency department of general hospitals and 2.45 percent occurred in other non-psychiatric settings.”              


           Stay Alert and Encourage Hospital Employee Awareness!

RISKAlert® is a publication of Risk & Security LLC at www.riskandsecurity.com
 




top