Ben's Book of the Month: Review of "Hospital and Healthcare Security"


Posted on by Ben Rothke

When I first requested a copy of Hospital and Healthcare Security (Butterworth-Heinemann 012-4200486), I assumed it was brief high-level reference on the topic. Upon getting this monster of a book, I read as Tom Smith wrote in the forward, “this is the bible of healthcare security”.

Source: Amazon

At just over 700 pages, the book is indeed a comprehensive reference for everything related to hospital and healthcare facilities security related.

In this, the 6th edition of the book, authors Tony York and Don MacAlister have written a most valuable and helpful reference. In the books 26 chapters, there’s hardly an area the authors don’t cover.

The focus of the book is around the creation of effective physical and logical security controls for hospitals and healthcare facilities. There is perhaps nothing more frightening to a hospital security team than the prospect of a newborn being kidnapped from the maternity ward. While the odds of that happening are actually extremely low, the perception is that it does happen often. The book shows how a team, led by a competent head of security, can have a framework for implementing these broad sets of security controls to minimize the chances of a newborn kidnapping (and every real scenario) from ever really occurring.

The first chapter on The Healthcare Environment provides a sound introduction to how hospitals and healthcare organizations work, included who the stakeholders are and the various regulatory bodies and standards involved in a hospital setting. Even those who’ve worked in the industry for a while will find the chapter insightful.

The book then builds on that foundation and shows the reader the myriad areas that needs secure to ensure the complete physical, logical and digital security of a modern hospital.

I enjoyed the fact that the book has a focus on practical and actionable security, as opposed to theory. Anyone who has ever studied for the CISSP certification examination will have come across the Bell-LaPadula model; which is used to enforce access control. While a fascinating theoretical model, once is hard pressed to find even a single commercial organization over the last 30 years who have used Bell-LaPadula.

Even at 700-pages, there are some areas that book is lacking in. The overall theme of the book focuses on the physical security aspect, such that topics such as firewalls, encryption, anti-malware, patching and the like are not dealt with in depth.

But for those looks for an all-inclusive guide to the topic, one is hard pressed to find a better resource than this.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community