Risk

RISKAlert November, 2014 Updated Incident Planning for Healthcare Facilities

Posted on December 16, 2014 6:34 pm by Caroline Ramsey-Hamilton Comment

Incorporating Active Shooter Incident Planning into Health Care Facility Emergency Operations Plans

National preparedness efforts, including planning, are based on U.S. Presidential Policy Directive (PPD) 8: Preparedness, which was signed by the President in March 2011. This updated directive represents an “evolution” in understanding of national preparedness based on lessons learned from rom natural disasters like Hurricane Sandy, terrorist acts like the Boston Bombing and active shooter and other violent incidents.

Preparedness is centered in five areas: Prevention, Protection, Mitigation, Response, and Recovery. These concepts are applied to Health Care Facility (HCFs) Planning for active shooters and other violent incidents.

Emergency Operations Plans for Health Care Facilities (EOPs) should be living documents that are routinely reviewed and consider all types of hazards, including the possibility of an active shooter or terrorist incident. As law enforcement continues to draw lessons learned from actual emergencies, HCFs should incorporate those lessons learned into existing emergency plans or in newly created EOPs.

It advises a whole community approach that includes staff, patients, and visitors as well as individuals with access and functional needs. Examples of these populations include children, older adults, pregnant women, individuals with disabilities, etc.

The key concepts include not only familiar concepts like “Run-Hide-Fight” but also concepts on addressing a wider range of risks (threats), how to do drills, improvement of situational awareness activities, expanding the definitions of risks, how to do Psychological First Aid (PFA), and how to integrate these with HIPAA guidelines and Rules and the importance and role of Security in Emergency Operations Planning (EOPs).

Lesson Learned : Don’t Wait to Respond!

A 2005 investigation by the National Institute of Standards and Technology into the collapse of the World Trade Center towers on September 11, 2001, found that people close to the floors impacted waited longer to start evacuating than those on unaffected floors. Similarly, during the Virginia Tech shooting, individuals on campus responded to the shooting with varying degrees of urgency. (ref: Federal Building and Fire Safety Investigation of the World Trade Center Disaster: Occupant Behavior, Egress, and Emergency Communications.)

Frequent Security Situational Awareness Training, and Active Shooter –
Disaster Drills can prevent this “frozen” phenomena and save lives in
a violent incident , a terrorist attack, or a disaster scenario.

RISKAlerts are publications of Risk & Security LLC

White House Security Breach -WHO DIDN’T LET THE DOGS OUT!]

Posted on September 22, 2014 1:18 pm by Caroline Ramsey-Hamilton Comment

**RISK Alert Alert #590 – White House Security BREACHED**

UPDATED Dateline: Sept 23, 2014

White House Attacker had been ARRESTED TWICE BEFORE, INCLUDING ON
AT THE WHITE HOUSE, CARRYING A MACHETE!

In Federal court, prosecutors said the Gonzalez car contained 500 rounds of ammo,
guns, assault rifles, a hatchet and a machete!

AND HE HAD BEEN ARRESTED TWICE BEFORE, including in August 2014, carrying a
hatchet on the White House Lawn. And on July 19, after being spotted driving recklessly
in a gray Ford Bronco, Gonzalez was charged in Wythe County, Virginia, with evading arrest
and possession of a weapon after he was found in possession of 11 weapons, including a
sawed-off shotgun, assault rifles and knives, and map — with the White House circled!

The Nation Was Shocked on Sept. 19 when an intruder not only jumped the fence,
but was ABLE TO ENTER THE FRONT DOOR of the White House. Controls that should
have been in place were apparently not ready for an actual security incident.

When even elementary schools have access control and card key systems, it is really hard
to believe that there is NO CARD KEY SYSTEM for the White House.

SECURITY IS A PROCESS, and that’s why Security Plan, Security Policies, and Security

Procedures are in place for every U.S. Federal Building. Obviously, at the White House, the
process is broken, or agents are willfully ignoring the security controls which should be in place
100% of the time. Every government building should have strong access control systems in place.

The intruder, Omar Gonzalez did the unthinkable, according to the
Washington Post. They reported that the 42-year-old ex-veteran from
Texas climbed over the north fence line along Pennsylvania Avenue,
toward the eastern side of the house’s circular driveway. His breach
set off the standard security alarm across the compound. Officers
rushed to the North Lawn but were unable to reach him on foot as
he ran, arms pumping, threading the needle between the fountain
and a security guard booth and ignoring their commands that he stop.
Gonzalez actually entered the White House because the door was UNLOCKED!

What We Learned:

Security Procedures and Policies MUST BE FOLLOWED 100% of the Time
for Security to be Effective. In this incident, the major problems included:

Front Doors MUST BE LOCKED to keep intruders out.
Canine that was on the job should have been released.
Active Monitoring of cameras was not effective. Was the intruder missed?
The perimeter fence is obviously not up to the job. In fact, a 2^nd jumper
breached the fence again on the same day,RISKAlertis a publication of Risk & Security LLC

RISKAlertis a publication of Risk & Security LLC

Psychiatrist Shoots Mental Patient who Killed His Caseworker at Mercy Fitzgerald Hospital

Posted on July 25, 2014 7:07 pm by Caroline Ramsey-Hamilton Comment

Psychiatrist Draws Gun in Mercy Fitzgerald Hospital and Shoots the Mental Health Patient who Killed his Caseworker by Shooting Her in the Face. Witnesses near the scene reported hearing screaming and gunfire, as suspect and mental health patient Richard Plotts confronted his caseworker, Theresa Hunt, and then drew his gun, and killed her. Another bullet grazed a doctor, adjacent to the scene, but the doctor had a gun of his own, and he shot Plotts 3 times in the torso.

The doctor, identified as Lee Silverman, was treated was treated for a head wound and released after being taken to the Hospital of the University of Pennsylvania. The shooter, Richard Plotts, of Upper Darby, Pennsylvania, who had a long criminal record, was undergoing surgery Thursday night at the Hospital of the University of Pennsylvania. If he survives, he will be charged Friday with murder, said Delaware County District Attorney Jack Whelan.

There is a Lesson Here — KEEP POTENTIAL SHOOTERS WITH WEAPONS OUT OF HOSPITALS.

A is for Access Control! Once a potential shooter brings a weapon into a hospital, everything is much more difficult to control. Keep them out.

Weapons should be checked at the hospital entry points and no-weapons signage should clearly indicate that weapons are not allowed, and that should be followed up with either stand-alone, or wand metal detectors which give staff members a initial level of protection.

usa-shooting-pennsylvania

Bernice Ho, a spokeswoman for Mercy Fitzgerald Hospital, said Thursday it was against hospital policy for anyone other than security guards to carry weapons, so there are questions about why this doctor disregarded the policy, although Donald Molineux, chief of the Yeadon Police Department, said “If Silverman returned fire and wounded Plotts, he without a doubt saved lives.”

District Attorney Whelan described how the meeting among Plotts, Silverman, and Hunt abruptly took a violent turn. Plotts and Hunt went to Silverman’s third-floor office shortly before 2:30 p.m., Whelan said. Plotts was apparently armed, and people near the room soon heard shouting.

Concerned, a hospital employee “actually opened the door, saw him pointing a gun at the doctor,” Whelan said. The worker shut the door quietly and immediately called 911. Plotts then opened fire. According to Whelan, he shot Hunt two times in the face. The psychiatrist then ducked under his desk, retrieved his gun, and came up shooting, striking Plotts three times.

Keep Weapons Out of the Hospital to Dramatically Reduce Violent Incidents!

Aventura Hospital Patient Strangled in his Room on July 1st,, 2014

Posted on July 2, 2014 4:09 pm by Caroline Ramsey-Hamilton Comment

RiskAlert INCIDENT REPORT 565 –

Patient Strangled in Aventura Hospital, Florida

32-year old Behavioral Health Patient found Strangled to Death
in his Hospital Room

32-year old Alex Paloumbis diagnosed with bipolar disorder and schizophrenia at a
young age, had been in the hospital for two weeks. He was on the fourth-floor psychiatric
ward when he was attacked by the patient in the next bed.

The other patient in the room, identified by police as Alexander T. Jackson, 31, was
charged with first-degree murder and remained in Miami-Dade County Jail on Monday
with no bond. Jackson, who is homeless, was admitted to the hospital around 10 a.m
Thursday, the day of the murder, which occurred about 3 p.m. the same day. He was
put in the same room with Rios, according to the arrest report.

LESSONS LEARNED:

Behavioral health patients require extra controls including
live, continual camera monitoring, use of appropriate
medication and possible use of restraints.

Patients may pose a danger to others, as they did in this tragedy,
and should be under continuous supervision.

Rios was last seen alive at about 2:45 p.m. Thursday. At 3:36., a hospital
housekeeper found him face down on the floor. “The defendant admitted
to killing the victim by strangling him with his hands and a bedsheet,”
according to the report.

While administrators declined to comment on the security procedures at the
hospital, IAHSS (the International Association for Healthcare Security & Safety)
President Marilyn Hollier said psychiatric floors generally have lock-down
procedures, metal detectors, seclusion rooms and cameras at the access
points. It is not known whether any of these security controls existed at the
hospital. Hollier also stressed that security officers need specialized
training to deal with behavioral health patients.

Aventura Hospital, located near I-95 north of Miami, Florida, has a large
behavioral health unit with 46 beds. The victim’s mother said her son was
never violent. “He never, never, never raised his voice,” Paloumbis said.
The mother was summoned to the hospital Thursday. She was told come
quickly and then was ushered into a room where police officers and detectives
were waiting. Though she had limited English skills, she understood that
her son was dead and initially thought that he may have died from a heart attack
or other natural causes.

Stay Situationally Aware and Continuously Monitor Behavioral Health Patients!

RISKAlert® is a publication of Risk & Security LLC at www.riskandsecurity.com

What Went Wrong at Fort Hood? Another Active Shooter?

Posted on April 8, 2014 5:43 pm by Caroline Ramsey-Hamilton Comment

RISK Alert Alert #530 – Fort Hood Active Shooter-April 2, 2014

Dateline: April 5, 2014

Shock and grief were the reactions when the news said, for a second time, a shooter
inside Ft. Hood near Killeen, Texas had killed 4 and injured 13 in another Active Shooting
Incident. Everyone remembered the first major shooting attack in November 2013, when
a major killed 13 and injured 43 because he did not want to be deployed to Afghanistan.

A total of 73 injured and/or killed in the two incidents!

How could this have happened? The Department of Defense had implemented many of
the recommendations of its internal, and independent review panels, and the changes had not
been enough to prevent another active Shooter incident.

The 34-year old shooter had apparently been denied a leave form, and asked to come
back the next day and he came back, with a .45-caliber Smith & Wesson semiautomatic
handgun, recently purchased at Guns Galore, and started shooting. He eventually turned
the gun on himself, after firing 35 rounds in two buildings over a 2 block area. He had a
history of mental issues, and had recently been transferred to Fort Hood.

What We Learned: The After Action Review “Protecting the Force” had detailed 89
recommendations, but by Sept. .2013, only 52 had been
implemented and none included an Active Shooter Risk Assessment.

A comprehensive Active Shooter Risk Assessment has to be the first recommendation
after any Active Shooter event. Recommendations from the previous shooting were concentrated
on new policies and procedures, mental health screening, education and training programs but
those controls did not directly influence PREVENTION of incidents.

A Review of the Most Important Active Shooter controls would have been more
likely to prevent a future shooter event, like:

Tightened Access Controls for Facilities
- Panic Alarms
- Tracking of Potential Troubled Individuals
- Metal Screening for Weapons
- Policy on Personal Weapons on Base
  
  After the Navy Yard shooting in September 2013, another round of recommendations
  were made to improve security at all DOD installations, however, a Pentagon official
  said on Thursday, April 4th, that the new recommendations had not yet been put into
  effect at Fort Hood. Unfortunately, at Fort Hood, very little had changed from 2009
  regarding security procedures for soldiers at the entrance gates.
  
  Stay Alert and make sure that any Security Incidents are reported IMMEDIATELY!

Loss of Malaysian Airlines Flight Points Out Airline Security Weaknessess

Posted on March 24, 2014 12:02 pm by Caroline Ramsey-Hamilton Comment

Monday, March 25, 2014.

This morning the Malaysian Government stated that based on all their “new”
calculations, they have concluded that Flight 370 went down in the southern
Indian Ocean.

Has terrorism been counted out for this flight – no. Until the whole story is known,
it will be impossible for anyone at this point to say that this happened because of pilot
error, mechanical failure, bad weather, or anything else. However, as we watched
the near continuous news coverage of this ill-fated flight, it was impossible to ignore
the many security weaknesses that were revealed as the drama played out, and
experts proposed possible new theories, even alien abduction!

The airlines around the world, and even the Federal Aviation Administration (FAA),
have always maintained their unique security standards, unlike other industries
which have generally accepted security practices that are used worldwide. This
standardization of security elements has made it easier for multinational corporations
with offices worldwide, to secure their supply chains, ensure improved safety and
security for their employees, contractors and vendors, and, in my opinion,
contributed to making the world a safer place.

Unfortunately, this uniformity and standardization of security practices is not
mirrored in the airline industry globally, and even blatantly ignored by other
airlines, operating in other countries.

International travelers often see the little sign that says something like: THIS
AIRPORT HAS BEEN CLASSIFIED AS UNSAFE. Of course, because these
airports are often the only airport in the country, they are used anyway.

But the fate of Flight 370 has shocked some security experts by uncovering the
lack of security at a respected airport, generally thought to be safe and secure.

For example, right after 9/11, the FAA moved quickly to security the cockpit of
U.S. planes, and keep them locked and secure during flight. So it was quite a
surprise to have a young girl smiling and telling CNN how she partied with the
co-pilot in the cockpit during a recent flight.

“The FAA rule sets new design and performance standards for all current and
future airplanes with 20 or more seats in commercial service and all cargo
airplanes that have cockpit doors. Specifically, the rule:

Requires cockpit doors to remain locked. The door will be designed to prevent
passengers from opening it without the pilot’s permission. An internal locking device
will be designed so that it can only be unlocked from inside the cockpit.

Controls cockpit access privileges. Operators must develop a more stringent
approval process and better identification procedures to ensure proper
identification of a jump seat rider.”

As the tragedy has unfolded day by day, security experts can see vulnerabilities
in the way security controls are both either not required or are not correctly and
consistently implemented on planes around the world.

The “Tombstone Mentality” of the airline industry and civil aviation organizations now
have the tombstones for 370 individuals, and everyone hopes that even though we
don’t know know exactly why this flight went down, we can all see that there are
weaknesses in international security that need to be addressed in the aftermath of
this tragedy.

After Action report on LAX Shooting Recommends Risk Assessments

Posted on March 19, 2014 1:26 pm by Caroline Ramsey-Hamilton Comment

The Los Angeles World Airports (LAWA) released the long-anticipated After
Action Analysis on the LAX Active Shooter Incident in 2013.

The 83-page report was written by an independent consultant who analyzed
all aspects of the Shooting incident and includes a list of “Major Observations
and Recommendations.” The recommendations are “to provide focus for
LAWA’s efforts toward continuous improvement in it’s security and emergency
preparedness programs.

These areas were highlighted in the report as “7 priority observations that merit
special consideration.

Recommendation 1.1: Evolve the LAX Security Program to reflect a more
integrated assessment of security risk and provide for the ongoing development
and management of mitigation measures.

Recommendation 1.2: Based on the RISK ASSESSMENT and updated security
plan, consider the focus and structure of security functions to determine whether
realignment and integration are needed.

Recommendation 1.3: With the benefit of recent vulnerability and risk assessments,
take a risk-based approach to evaluating current security programs and explore
intelligent use of technology.”

Once again, doing frequent Security Risk Assessments and managing the security
program and enhancements to follow the recommendations of the Risk Assess-
ment are the first recommendations in the After Action Analysis of an Active
Shooter Incident.

In my experience, in most organizations, Facility Security Risk Assessments are
not conducted correctly, are not reported to senior management, and not used as a
tool to ADJUST AND FOCUS the security program based on RISK.

Why aren’t security risk assessments done more often?

1. People don’t have the right expertise to do a full risk assessment.

2. Security managers view Security Risk Assessments are too difficult
to undertake.

3. Law enforcement personnel still do not understand the concept of risk
assessments and instead, tend to rely on checklists of controls or
security elements, rather than integrating all the information to
create a true Risk-Based model for security.

The solution to this problem is to use affordable, easy to use software tools, like
the Risk-Pro Application for Facilties Security Assessment and their Risk-Pro
Application for Active Shooter Incident to simplify the process of doing more
frequent risk assessments and using them as a management tool to focus
security so it will be able to recommend the security enhancements that are
needed, and not only how MUCH to spend, but actually dictate the order
of necessary controls.

Far from being a boring, intellectual exercise, well done security risk
assessments can dramatically reduce the possibility of an active shooter
event, and also mitigate the many negative consequences that come
from such disruptive incidents.

3 Killed, 4 Others Injured at Columbia, MD Mall Shooting

Posted on January 26, 2014 9:42 am by Caroline Ramsey-Hamilton Comment

Saturday morning at the Columbia Mall, in this neat, planned community was cold and many people decided
to go to the mall! Columbia, Maryland is a large mall, situated between Washington DC and Baltimore
in the Maryland suburbs. I’ve been there frequently – in fact, last month.

Unfortunately, at 11:15 in the morning, a young man entered the mall and started shooting. Some witnesses
said he was shooting down into the Food Court from the 2nd Level. The shots were centered in a surf, skateboard
and snowboarder store called Zumiez.

Two young people were killed, store employees, Brianna Benlolo, 21, of College Park, MD; and Tyler Johnson
25, of Ellicott City, MD, and a man police identified as the shooter. He had killed himself, but was wearing more
ammo and had more ammo around him.

A bystander was shot in the foot, and others were injured in the chaos that started when the 8-10 shots
were fired and someone yelled, “There’s a man shooting”. But these injuries were judged to be minor.

ONE MORE ACTIVE SHOOTER. ONE MORE YOUNG MAN WITH NO MOTIVE. Seven families devastated
and looking for answers.

Again, we look at access control, and due to the NRA effect, making it ridiculously easy to carry a gun, even
a concealed gun almost anywhere, we have to start with what kind of access we should allow to public places,
like schools, malls and airports.

In a risk and reward calculation, it’s basically, does the right of an individual to take a loaded gun anywhere
they want, supersede my right to safely shop at the local mall on a Saturday morning? I think it does.

Now the burden is on the mall owners about how many of these shootings it’s going to take before we start
seeing armed guards at malls, and access control devices like metal detectors, at entrances to the larger malls.
Because think of what the mall owners lost – they lost their reputation as a “SAFE” place to go. They lost
almost a whole day of sales, and maybe they will lose another day.

The local police and county Executive were on TV saying police arrived within 2 minutes of the shootings.

and the SWAT team entered the Mall and did a store by
store search, while the media trucks assembled in the parking lot.

If people want to take loaded guns everywhere and society
thinks that’s great – then store owners are going to have to
increase security and be able to have tools to exclude these
people.

Guns are for hunting, not for shopping!

Terrible day for Columbia Mall and it’s customers, I guess it’s a wonderful day for the security industry that will sell
lots more metal detectors, cameras, monitoring, panic alarms and more. Because that’s what we need to keep
the public safe.

New Active Shooter App Announced on October 20, 2013

Posted on October 19, 2013 12:27 pm by Caroline Ramsey-Hamilton Comment

FOR IMMEDIATE RELEASE

New Active Shooter app released to reduce likelihood of an Active Shooter Incident.

Active Shooter incidents have increased both in the number of incidents, as well as the number of people killed and injured in the last five years. As an aspect of workplace violence, the active shooter has become is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 injuries were annually during this time.

The latest figures show that high-risk organizations like hospitals, schools, malls, universities, military installations and even hair salons have experienced an active shooter incident and are likely to have a dramatically increased risk for experiencing an active shooter incident in the future.

Risk & Security LLC has released a new web-based app, Active Shooter Risk-Pro©, which offers an easy to use risk assessment program that assesses your organizational risk of an active shooter incident, as well as recommending solutions to prevent an incident from occuring in the future.

In additional to using the Department of Homeland Security (DHS) Guidelines on Active Shooter Response, the OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care, the FBI and Secret Service Guidelines on Active Shooter Incidents, and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are both included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!. Active Shooter Risk-Pro© is built to be affordable and simple to use.

The web 2.0 program, includes newly compiled, updated threat databases, new active shooter incident analysis metrics, and automated web-surveys based on the DHS Guidelines..

The new program gives human services and security professionals a quick and easy way to conduct a active shooter, or general workplace violence that will recommend that will pass an audit!

The Risk-Pro© model has been used for easy software applications by the Department of Defense and over hundreds of organizations, hospitals, and local, state and federal government agencies.

About Risk & Security LLC

Risk & Security LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk assessment. It develops specialized programs and applications which are easy to use, affordable and which help organizations assess their risk, the likelihood of becoing a target, and which recommend cost-effective solutions.

Risk & Security offers full service consulting on critical risk assessments including HIPAA Risk Analysis, Facilities Security Assessments, Hospital Security Assessments, Workplace Violence, Active Shooter Incident Assessment, Environment of Care and more. Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective security controls justified by return on investment metrics.

The team of risk and security experts is led Caroline Ramsey-Hamilton, who has created more than 40 software programs, and conducted more than 200 specialized security risk assessments in a variety of environments, including companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.

Contact Information:

Caroline Ramsey-Hamilton, CHS III

Email: caroline@riskandsecurityllc.com

Phone: 301-346-9055

Twitter: www.twitter.com/riskalert

DOD-OIG Report on Security Weaknesses at the Navy Yard

Posted on October 18, 2013 10:11 am by Caroline Ramsey-Hamilton Comment

The recently released 56-page report by the Department of Defense, Office of the Inspector General found that the Navy Access Control System did not adequately control the risks to the Washington DC Navy Yard and other sites under their control.

NCACS did not effectively mitigate access control risks associated with contractor installation access. This occurred because Commander,
Navy Installations Command (CNJC) officials attempted to reduce access control costs.

As a result, 52 convicted felons received routine, unauthorized installation access, placing military personnel, dependents, civilians, and
installations at an increased security risk.

Additionally, the CNIC N3 Antiterrorism office (N3AT) misrepresented NCACS costs. This occurred because CNIC N3AT did not perform
a comprehensive business case analysis and issued policy that prevented transparent cost accounting of NCACS. As a result, the Navy
cannot account for actual NCACS costs, and DoD Components located on Navy installations may be inadvertently absorbing NCACS costs
.
Furthermore, CNIC N3AT officials and the Naval District Washington Chief Information Officer circumvented competitive contracting
requirements to implement NCACS. This occurred because CNIC N3AT did not have contracting authority. As a result, CNIC N3AT
spent over $1.1 million in disallowable costs and lacked oversight of, and diminished legal recourse against, the NCACS service provider.

You can read the entire report at: http://www.dodig.mil/pubs/documents/DODIG-2013-134.pdf

Courtesy Caroline Ramsey-Hamilton at Risk and Security LLC

caroline@riskandsecurityllc.com