Why You Should be Using Red Teams to Enhance Hospital Security
Red Teams can evaluate campus protection measures and challenge your assumptions about how secure your hospital is against the threats posed by criminals, terrorists and others.
What the Red Team Exercise Should Look Like
A Red Team exercise can be conducted in a variety of different ways and at varying levels of difficulty. Regardless of the purpose of the exercise, it is vitally important that it is carefully planned and executed. As with any security-related exercise, poor planning and lack of guidance and/or communication can result in disastrous outcomes. Here are some key considerations when designing your Red Team exercise:
• Consider what you want to get out of it. Do you want to examine your vulnerability to terrorism? Are you testing the physical security of a new unit or building against intruders? The desired purpose of the exercise should be clearly defined.
• Select your Red Team and set the operating guidelines. The guidelines define what the team members can or cannot do during the exercise. It is generally recommended that the Red Team does not engage in any activity that could cause alarm among security or other hospital staff (such as running from a scene, planting a suspicious package in a public area, etc.).
• Define when and where the Red Team will operate. Do you want them to attempt entry through your building’s perimeter or just one particular unit (e.g., ICU, Labor & Delivery)? Will they attempt this infiltration on the day, evening or night shift? On which days will they operate?
• Involve the target site’s security team. Inform them that you are conducting a Red Team exercise and give them a time frame during which they should be increasing vigilance for suspicious activity. The time frame should be purposely broad (across a week or more) to avoid making it too easy for them to identify the Red Team.
• Assign a challenge phrase for the target site’s security team and countersign for the Red Team for the exercise. This provides the target site’s security with a definitive way to identify Red Team members. The members of the Red Team should also carry official hospital identification on them at all times during the exercise. Once challenged, Red Team members should identify themselves and should not be evasive to prevent unnecessary concern among security staff.
• Red Team members
should write a summary of their findings immediately after the exercise and submit it securely to a single point of contact within the organization. A debrief of the exercise should be held after its completion and should involve the Red Team members and the target site’s security administration. Identified vulnerabilities should be mitigated wherever possible.
Red Teams Encourage Constant Readiness
Overall, the use of a Red Team and associated exercises will help to strengthen the overall security posture of your hospital. Also, these exercises will assist in increasing the ability of your security staff to recognize suspicious and surveillance-related activities. In a world where constant readiness and vigilance for threats is increasingly necessary, Red Teams should become a regular and integral part of your security program.
David Corbin, MS, CPP, CHPA is the Director of Facilities, Engineering, Public Safety & Parking at Newton-Wellesley Hospital. He consults nationally on healthcare security and is author of the blog Hospital Security Central. He drew inspiration for this article from his colleague Robert Donaghue at Brigham & Women’s Hospital. This article was originally published in February 2016.