RISKAlert Report Updated: July 9, 2018 McComb, Mississippi
MAN AT SOCIAL SECURITY OFFICE STABS HIS MOTHER AND GRANDMOTHER IN WORKPLACE VIOLENCE INCIDENT BEFORE BEING SHOT TO DEATH BY FEDERAL SECURITY OFFICER
A 21-year-old Mississippi man, Branen Carter, went into the McComb, MS, Social Security Administration office with his mother and grandmother, and then he stabbed his mother and grandmother in the lobby before he was shot to death by a federal FPS (Federal Protective Service) security officer.
The incident happened at 11 am, and the facility was put on lockdown after the incident. Large numbers of law enforcement officers responded to the one-story brick building on the edge of McComb, which is about 100 miles south of Jackson.
Carter’s mother, Lee Anna Turnage, and grandmother, Ann Carter, were in stable condition at Southwest Mississippi Regional Medical Center, after what was reported as a family fight that turned violent.
Mississippi court records show Branen Carter was indicted in Marion County in December 2016, when he was 20, on two felony charges — one count of statutory rape and one count of sexual battery of a child between the ages of 14 and 16. He pleaded guilty in May 2017 after the two felony charges were reduced to misdemeanors (WHY?), and he was given two six-month suspended sentences, which means he did not have to serve jail time. The attorney who represented him was out of the office Monday and could not immediately be reached for comment.
The Director of Communications for the Federal Protective Service, Robert Sperling, said that the FPS agency has a long history of using armed security guards at federal agencies it oversees. “It’s a cornerstone. We have officers in social security offices and most federal agencies across the country, such as the IRS,” Sperling said. LESSONS LEARNED:
1. Workplace Violence can happen anywhere, and family disputes often spill over into
public workplaces. This attack happened in the lobby of the federal agency.
The FPS did an excellent job of countering the threat and probably saved the
lives of both women.
reprinted with permission from www.securityinfowatch.com
Using Risk-Based Security to Stem the Tide of Violence
in Hospitals and Healthcare
Created by: Caroline Ramsey Hamilton
Date: May 22, 2014
Hospital and healthcare security is experiencing a major increase in violence,
instigated by patients, patient families and even healthcare staff. Just last year,
there was an active shooter incident in Reno, Nev., in which two physicians were
shot, and in Houma, La., a hospital administrator was shot to death by a terminated
nurse. As recently as Easter Sunday in California, two nurses were stabbed at the
hospitals, where they worked. One was stabbed in both the upper and lower torso
and is in critical condition. These two incidents add to the more than 100 violent
incidents in 2013 and the first half of 2014.
Since 2010, violence in healthcare has skyrocketed. As a result, the Joint Commission has
issued a “Sentinel Event Alert” on the issue and contributed to numerous articles on shootings
in U.S. hospitals. The Department of Homeland Security and a consortium of state and local
hospitals recently released a standard for active shooters in healthcare. These all point to the
conclusion that the current law enforcement-based hospital security model is not working.
Changes in Healthcare The changes in healthcare, including the increase in insured Medicaid patients and increased
traffic to emergency departments, highlights the fact that very well-intentioned people are
working with an outdated security model that hasn’t evolved to address a changing healthcare
environment. The change in billing and reimbursements for healthcare organizations, such as
tracking of readmission rates, has squeezed hospital profits causing reductions in funding in many
security departments at a time when violent events are steadily increasing.
A new risk-based model for hospital security is emerging that is less linear and more cyclical.
It uses technology to a greater extent, employs forecasting and statistical models to predict the
likelihood of future incidents, and is proactive instead of reactive, focusing money and energy on
preventing events instead of simply responding to them. This model also uses risk assessment
formulas to quickly assess the current security profile of a hospital, clinic, hospice, or behavioral
health facility, factoring in heightened threat-risk environment, not only for the facility in question,
but also adding in the wealth of healthcare data that’s now available.
Risk –Based Security Focuses on Continual Assessment A major focus of this model is the continual assessment and evaluation of preventive security
controls, which are reviewed quarterly, semi-annually, or annually to discover gaps in controls,
and to fix gaps as soon as they are identified. This dovetails nicely into the assessment models
already required by the Joint Commission, OSHA and new CMS standards.
Looking at recent high-profile security events that took in place in hospitals shows that incidents
happen because of exploited gaps in the existing security of the healthcare facility. In the past,
security officers successfully worked hard to reduce response time so that often officers could
arrive in under two minutes, but it’s still too long. In the Reno shooting, response time was under
two minutes, but that was long enough to kill two doctors.
Focusing on prevention makes sense for healthcare, much in the way the Joint Commission
focuses on patient safety, by continually assessing controls, reducing discovered gaps in controls,
and mitigating gaps by reassessing and tightening security, which creates a cycle of continual
improvement in the healthcare security environment.
Taking Advantage of Technology The healthcare risk-based security model takes advantage of technology. Instead of waiting
for manual recording of security incidents every day, software programs allow hospital security
officers to enter data at the end of each shift, and that means security directors can map what’s
happening in the hospital or facility on a daily, weekly, monthly and yearly basis. This can go a long
way to identifying trends early and help facilities make appropriate changes in controls so that
negative trends can be reversed quickly and both patient and staff security is increased.
In addition to automating incident collection and analysis, the healthcare security risk assessments
must be automated too. Risk assessments are too time-consuming and labor intensive to be done
annually. By the time the risk assessment is over, the environment has changed again. By
automating the risk assessments, including environment of care and hazard vulnerability,
it produces data that can be used instantly to analyze and recommend the most cost-effective
controls, and rank them by their return-on-investment (ROI).
The role of security in hospital and healthcare organizations is changing too. Security organizations
should no longer be isolated without intensive interaction with others in the organization, including
the human resources department, the facilities managers, safety managers, and the emergency
New DHS Guidelines for Active Shooters in Healthcare With DHS issuing new guidelines for active shooters in healthcare, hospital emergency managers
are now required to prepare for active shooter incidents, as well as storms, hurricanes, tornadoes,
power interruptions and other events related to natural or man-made disasters. This creates a
natural partnership between the emergency management staff and the security program,
because the skills of both functions are needed to properly prepare an organization for any disaster.
Instead of existing in a vacuum, healthcare security directors and managers should cheer at
this development because it expands the importance of security inside the hospital or healthcare
facility, and underscores its value in protecting the organizational assets – the physical facility,
patients, visitors and staff – to proprietary information, including the HIPAA mandated PHI
(Protected Health Information), vehicles, security systems, high-value healthcare equipment
and the healthcare provider’s reputation.
Security budgets have always suffered because security costs are seen as operating
expenses, not an income source, but by tying the security expenses more closely to loss
prevention and protection of the organization, it creates a cost justification for hospital and
Risk-Based Security Links to Hospital Compliance Standards A risk-based security model also links security to myriad compliance standards that affect healthcare
and this also supports and justifies the costs related to security. For example, hospitals are required
to have a variety of security controls in place related to tagging of newborns, posting of no-weapons
signs, and environment of care issues. Any healthcare organization accepting funds from Medicare
or Medicaid must comply with the new mandate for annual security risk assessments.
OSHA 3148 also requires hospitals and healthcare organizations to do annual workplace violence
assessments, and more than 33 states also require enhanced protection of hospital and healthcare staff.
As security incidents continue to increase and violence in healthcare escalates, making the
switch to a risk-based security program will provide better protection for hospitals and healthcare
organizations, making more effective use of existing security personnel, as well as justifying and
expanding healthcare security budgets.
For more information: contact: Caroline Ramsey-Hamilton at firstname.lastname@example.org
When I turned on the news today, I was in the middle of writing an article on the 2nd Shooting
at Ft. Hood from last week, and then saw that there had been a violent knife attack at a
Pennsylvania high school, with 20 casualties and at least eight injured critically, the next day,
there was a hate crime shooting at the Jewish community center in Overland Park, Kansas.
Once again, we see violence on a mass scale, the FBI has been brought in, and next will come
information on the victims. With two major events, in two weeks, what can we deduce about the
security in place at both Franklin Regional High School, Pennsylvania, and Fort Hood, Texas.
NEWS FLASH: THE CURRENT SECURITY MODEL IS NOT WORKING!
CURRENT SECURITY MODELS
Disaster preparedness is improving, Emergency Management is working, but security is still not where it needs to be. It is a systemic problem based on the fact that security around
the U.S. is still locked in a REACTIVE mode, not a PROACTIVE mode.
The main reason for this reactive mode in security organizations, is because most security
officers come from a law enforcement background, with a model which is based on crimes
and arrests, and it is totally REACTIVE. A crime happens and police officers go into action
and arrest the perpetrator(s).
CRIME HAPPENS = PERP IS IDENTIFIED = PERP IS ARRESTED
Unfortunately, this reactive model does not work for preventing security incidents and mass violence
because it is INCIDENT DRIVEN, not Risk-Driven. It focuses on individuals, not on a more holistic,
generalized view of Threats, and it totally leaves Solutions (Controls) out of the equation.
After studying pages of after action reviews, post-incident analyses and media sources, the one
recommendation that makes sense is that organizations need to switch to a RISK-BASED,
PROACTIVE mode for security to work.
This was highlighted in a remark made by a Pentagon official, commenting on the 2nd Fort Hood
Shooting on April 2, and the fact that new DOD recommendations for security, had just been released.
“After the Navy Yard shooting in September 2013, another round of recommendations were made to improve security at all DOD installations, however, a Pentagon official said thatthe new
recommendations had not yet been put into effect at Fort Hood. At Fort Hood, very little had
changed from 2009 regarding security procedures for soldiers at the entrance gates.”
The question for the Department of Defense is “how could this happen again at the same military
base? I took extra time to study the 89-page document called An Independent Review “Protecting
the Force”, one of 3 reports created after the initial Fort Hood Shooting, whene 13 were killed, and
If you look at the recommendations, they are very bureaucratic and procedural. They could have
been written by an efficiency expert, not by anyone with a background in security, and covered things
like policy changes, and having screening for clergy and psychologists, and improved mental health
programs. These are all important, but they do not provide a secure environment.
The LAX after action analysis’ Number One recommendation was to change
the security focus to a Risk-Based approach.
The problem with a reactive approach is that you can’t screen and lock down everyone. At Fort
Hood, for example, there are 80,000 individuals living on the base, and probably hundreds of
visitors who go in and out every day. It’s impossible to assess the mental health, and the
‘intentions’ of all of them.
That’s why a Risk-Based Approach works – because it focuses on the potential threats and then evaluates the existing controls to see whether they offer the required amount of protection based on the likelihood of the threat occurring.
You stop violent events by controlling access and by controlling weapons. No matter how unpopular they are, you use metal detectors at certain points, you use security officers at key entrances, you control entrances and exits.
Once the event starts, you can improve security by having faster notification (panic alarms), ability
to block, or disable weapons and attackers, adequate transport, better emergency response, but to
avoid the violence, you need to have strong access control.
The Risk-Based approach makes use of annual risk assessments that are holistic in nature. They
are not done in stovepipes, they include the entire organizations, they include input from staff
members, visitors, students, vendors, soldiers, patients on how they see security from their point
of view, which is always dramatically different from management or administration.
A risk-based approach requires an organization to:
Define potential security risks.
Develop standardized risk assessment processes, for gathering and
analyzing information, and use of analytical technology
Risk-Based Security focuses on PREVENTION OF NEW INCIDENTS
whether they are active shooter, general violence, etc.
Enhances security’s ability to rapidly respond to changes in the threat environment.
MORE BANG FOR THE BUCK
According the LAX (LAWA) after action report, “Simply adding more security does not
necessarily provide better security. Determining priorities and where to achieve great
value for the dollars invested requires regular, systematic assessment of the likelihood
and consequences (risks) associated with a range of threat scenarios that morph and
change more quickly now than ever before.
Collaborative engagement in a security risk assessment process across the community builds
the buy-in needed to develop and sustain a holistic security program over time. Leaders must
be open to challenging established practices and demonstrate a willingness to change direction”.
Making the switch to a Risk-Based security program is the best recommendation for those who
want to protect their staff, students, patients, vendors, clients, soldiers, and visitors from a mass
casualty event, or for all the organizations who don’t want to have a terrible incident happen in
the first place!
Some of the most horrific shootings we see occur in hospitals. Because most people still think of hospitals as “places of refuge”, it is always a big shock when some kind of violence or shooting occurs in a hospital, especially gun violence.
With so many active shooter incidents in the US in recent months, the Joint Commission recently released information about the number of shootings in hospitals, and found that,
They analyzed a total of 154 hospitals shootings, which took place between 2000 and 2011. They found that 59% of the incidents took place inside the hospitals, and 41% took place outside on the hospital grounds.
Of the 59% of incident that happened INSIDE the hospital, not surprisingly, about 30% took place in the Emergency Department, and 19% in the patient rooms. We all remember the John Hopkins incident that occurred in a room where the shooter shot his mother’s doctor, and then locked the door and killed his mother and then committed suicide.
Of the 41% of incidents that took place outside, but on the hospital’s ground, 23% took place in the parking lot, which underscores how important it is to have a designated manager for the parking facilities. We have seen stories about a man in Tennessee who had a meth lab IN HIS CAR in the hospital parking garage, and the poor baby tossed off the roof of a parking garage.
The 154 hospital shootings resulted in a total of 235 people who were Injured or who died in the incident. The most common
victim was the perpetrator (shooter) and that accounted for 45% of the people injured or killed.
Another 20% of the victims were the hospital employees, including physicians (3%) and nurses (5%).
Another interesting highlight of the report, was that 50% of the shootings that took place in the
emergency departments were the result of the shooter taking the security officer’s gun!
The dramatic increase in Active Shooter incidents, including the Washington Navy Yard Shooting, the LAX shooting and the Sparks middle school shooting all illustrate that the trend is moving toward more incidents per year, and more people dead or injured in each incident.
For example, from 2000 to 2004, there was, on average, only 3.8 active shooter incidents per year. Then, from 2005 – 2010, the average number of incidents per year increased to 11 incidents a year, and from 2011 to 2013, it jumped again to an average of 17 incidents per year, which is over a 300% increase from 2000.The statistics clearly show the trend of increasing gun violence in our society, and until society can find a way to reverse the trend, hospitals will be looking at the possibilities to stop the violence at the door to their emergency department.
Source for hospital shooting data: Hospital-Based Shootings in the United States: 2000 to 2011 byGabor D. Kelen, MD, Christina L. Catlett, MD, Joshua G. Kubit, MD, Yu-Hsiang Hsieh, PhD
NSA is answering questions this morning about their mega data collection of phone call destinations, before the House Intelligence Committee.
Having worked with NSA for years, I decided to watch the hearings and hear what General Keith Alexander had to say. Of course, I have a family history with congressional hearings.
For myself, I’m in total agreement with NSA that they should be LISTENING, COLLECTING and ANALYZING intelligence so we can know what is happening all over our complex world and be in a position to prevent catastrophic attacks by those terrorists using their religion like a free pass to kill, maim and attack.
My father died over ten years ago, but one of my favorite memories of him is that is, while he was suffering from cancer, he never missed a Congressional hearing. He sat with a TV Tray in front of him, with a stack of monogrammed notepaper, envelopes and stamps.
As the hearings progressed (I especially remember him watching Iran-Contra), he would write to each of the congressmen and senators, telling them how he judged their questions, writing to them about mistakes he thought they made. This was true democracy in action. From his pen right to the powers-that-be. And he took his responsibility in this very seriously.
I hope everyone starts watching, learning and taking their role in our democracy as seriously! An attention-seeking junior technician is having his 5 minutes of fame, and I hope that the great work of the US intelligence community is not going to be slowed down or damaged by his thoughtless disclosures. He should start writing letters to HIS elected representatives.
More Tornado victims will be buried this week. Including many children who died at their schools because the school district didn’t spend the extra $3000 to have a storm cellar/safe room available.
One month ago, we watched as victims of the Boston Marathon Bombings were buried.
Yesterday, we watched an Islamic Jihadist savagely kill a young British soldier with knives.
What other events do we have to witness before we start taking security assessments seriously? How many more grieving parents do we have to watch crying on TV and, in my opinion, the casualities did not need to be so high and the aftermath so catastrophic.
If you group all these disasters together, you can that at the root of each one, is the feeling that, “IT CAN’T HAPPEN HERE”….. Britain, for example, has tolerated mosques preaching hate, thinking that nothing like the knife attack could happen in civilized London.
In Moore, Oklahoma, people thought, “we already had a major tornado, so IT CAN’T HAPPEN AGAIN”! Well, surprise – it happened again. While forecasters cannot dictate the exact path of a tornado, they can get close, and with just fifteen minutes advance warning, there is time to get everyone into storm cellars, safe rooms and underground shelters. BUT IF THERE IS NO SHELTER AT A SCHOOL…….
Many obvious solutions-controls-safeguards were missed in these recent tragedies because proper, formal security risk assessments weren’t done effectively. If they had been done, perhaps the London police could have picked up someone who touted murder and hate.
If a risk assessment had been done in Moore, OK, maybe the high risk of a tornado would have allowed the schools to all add the safe rooms they needed, and in Boston, the older brother Boston bomber, should have been in jail already for his participation in a previous murder – or at least actively monitored based on his facebook postings.
The clues are all there, and, looking backwards, you can see the pieces that SHOULD HAVE BEEN ENOUGH TO PROMOTE some kind of actionto either:
1. Eliminate the threat or,
2. Reduce the severity of a potential threat in case it occurred.
Security risk assessments gather the numbers and the information organizations need to make better choices about how to protect people’s lives, facilities, and organizations. I hope these events will prompt more Security Directors to take an objective and unbiased look at their own organizations, and the controls they have in place, before you end up on CNN!
The Boston Marathon bombings were bad enough. The loss of life was terrible, but the runners and their families who lost legs and feet because they wanted to give their Dad a hug at the finish line were worse.
One week later, we all watch with trepidation as the first bomber is killed and the second captured bleeding in a boat in Watertown.
THE MOST TERRIBLE NEWS OF ALL IS THAT IT MIGHT HAVE BEEN PREVENTED!! This is EXACTLY the situation that DHS was supposed to catch. This is EXACTLY why the agencies were ORDERED to share information, and still these guys can tweet all they want, show violent Islamic videos on their web sites and call for Jihad and NOBODY NOTICES!!
This is made even more incomprehensible because the U.S. government was ALERTED BY THE RUSSIANS that one of them was DANGEROUS.
What do we need to do to get these agencies to start paying attention to these potential terrorists? DO WE NEED TO MAKE THEM WEAR A RED SHIRT?
If the IRS can keep track of every American and in 2 minutes call up their entire history of taxes, and the Department of Labor can calculate your benefit rates in less than 1 minute, and Social Security keep track of all your information – why can’t DHS and the FBI keep a contact database current?
Why can’t they have a person who scans these web sites and Facebook sites for Jihadist pages and then cross-references them with the site’s owner? Why can’t a trip to a violent region of the world trigger a PING, as I heard one congressman call it.
Every company in the world has a simple Contact database on their own customers and suppliers that gives them years of data. WHY CAN’T WE BE PROTECTED FROM THESE TERRORiSTS.
This one wasn’t hiding in the shadows – he was ON SOCIAL MEDIA! He wasn’t locked up in a cabin – he was traveling internationally, his brother was getting a scholarship. And they did this FOR YEARS!!
This intelligence failure is just exactly like 9/11 all over again. These agencies are so procedural that they cannot connect the dots. Ok – they’re human. But we have super computers that CAN connect the dots and do profiles and create alerts…
Maybe we should call Google and get some help. We obviously need it.
Every time the TV is on, every anchor is crying about the dreaded Sequester.
Will it have an impact on security budgets? I have seen security budgets, especially for the facilities security departments, swing from almost unlimited budgets after 2001, to bare bones in 2009 and 2010, and thought they were trending back up for 2013.
Now, with the uncertainty about what a Sequester actually is, (please note my use of the capital “S”), how will it affect our security departments?
Obviously, the most obvious casualty are the government contractors who’s contracts may be arbitrarily cut, and civilian managers of federal programs will see lost days and furloughs.
The trickle-down effect will probably extend to state, county and municipal governments, too. So that means it’s even more important to start budgeting new security controls so that the most important get the funding!
One of the themes we go over in our webinar programs is how important it is to create a COST JUSTIFICATION and Return on Investment information so that you can create a business case for every control you need to improve security.
And one more thought on the Sequester – we often see an increase in crime, white collar crime and fraud when things are unsettled and people aren’t sure what’s going to happen next.
Maybe it’s a good time to do another risk assessment? Maybe the Sequester is the next new Threat!
How can youimprove your security program? Are we talking about a seaport? A church? A manufacturing facility? A gas pipeline? An office building? Corporate Headquarters? Zoo? Hospital? Bank? Clinic? City Hall? Harbor? Stadium? Government Agency?
It doesn’t matter what you need to protect — if you decide it is a critical asset, it needs good, continually improving security, and
an on-going assessment program is the fastest, easiest way to get it.
If wonderful, dedicated you, (as the security pro), don’t know what’s working and what’s not, how can you improve the overall program, unless you wait for an “precipitating event”, like a THEFT, like an ASSAULT, like a FLOOD, or a HURRICANE, or a POWER LOSS, and then you immediately start working on that and making sure THAT particular disaster doesn’t happen again!
Meanwhile, everything else is slowly losing energy due to lack of constant attention.
And so let’s say you are the Super Bowl, and the power went out! Terrible. Inexcusable. And you’re busy getting a 2nd or 3rd backup generator to make sure THAT POWER LOSS never happens again.
This problem with this model – fixing what’s broken and ‘learning from experience’ is that it’s always a day late. You’re always chasing after something that already happened.
Instead, you can set up a program so that you use to continually evaluate the current condition, assess the risk, and then improve the security controls, based on THAT RISK ASSESSMENT.
Tony Robbins used to call it CANI –
Constant And Never-ending Improvement. You can accomplish this by setting up regular assessments and then adjusting or tweeking the security controls to adjust to the new, or more aggressive threats.
“Regular” assessments can be monthly, quarterly, semi-annually, annually, bi-annually, whatever schedule suits you and the organization. The idea is that by continually reassessing your last improvement,and changing the threats and risk level,
you can create a dynamic, data-driven security program that improves the security profile dramatically, without having to
suffer through another triggering event!
The concept of CANI – Constant And Never-ending Improvement can breathe life into your security program, you can use it to improve your health, your fitness level, your guitar playing, your _______________________.
I raised my children without healthcare insurance!! Wow – what a great accomplishment! Now they are both healthy grown men who take their health very seriously. They stay in shape, exercise, both go to the gym every day or at least every other day and I think that accountability for their own health came from growing up without health insurance.
Health insurance is a scam in many ways. It has the proven result of making people not care about their own health, not being responsible for their own health because they figure, “If something bad happens, insurance will cover it”.
So they overeat, drink too much, eating transfat donuts, fried chicken, french fries and go to the doctor when their arteries start closing up at age 50, or when they find out they are pre-diabetic, or have high blood pressure.
My independent health care started when I didn’t have health insurance through my company, but then I got it and decided never to use it! That has been a point of honor for me.
I like the idea that I have to pay for my own health maintenance. If I HAVE TO PAY FOR IT, I get very picky about how much I have to spend, and the best way NOT to spend money on healthcare is to STAY HEALTHY!
A revolutionary thought! But – hey, it’s worked for me my whole life. I have never been sick, except for scarlet fever when I was 7. So go back and read some of my other posts about working out, eating fresh, whole, organic food, and doing yoga, and whether you have health insurance or not, you may find there’s a way to stay healthy!