In this section:
The healthcare industry has experienced a significant increase in violent crimes, from fatal shootings to aggravated assaults to verbal threats and attacks. In 2022 alone, shootings have claimed the lives of physicians, nurses and other personnel – including in North Texas. A national study found that 44% of nurses experienced physical violence and 68% were verbally abused during the pandemic.
In response, Texas Health has – and will continue – to invest in security measures and training to protect people entering its facilities from harm.
We are taking a multipronged approach to enhance campus safety, including:
- Expanding our Department of Public Safety to provide more officers to patrol building campuses, enforce our policies, assist consumers and care team members, and intervene when threats arise.
- Training our security teams at the Texas Health Security Training Academy, where we tailor the curriculum to healthcare and our system. The instruction also meets the Texas Department of Public Safety’s regulations and licensing requirements.
- Assessing potential risks in and around our campuses using threat management teams and security personnel.
- Strengthening our Workplace Violence Prevention and Intervention Program, which includes policies, training, tools and resources to help employees effectively respond to and alert others of hostile patients and visitors.
- Delivering active shooter training, drills and tabletop exercises to help system leaders and employees prepare for potential events.
- Installing locks, cameras, alerts, alarms and other security assets.
- Conducted a physical review of campuses and lockdown processes at every wholly owned hospital and reinforced security protocols with local security staff. We also began reviewing and enhancing security procedures at Texas Health Physicians Group practice locations and Breeze Urgent Care clinics.
- Retained a third-party consultant to audit security programs and share best practices.
- Conducted more than 360 active shooter training sessions with various departments across the system and added tools and resources to help de-escalate situations.
- Increased the number of unarmed and armed police and upgraded and installed additional cameras and alarms.
- Continued evaluating evidence-based best practices, policies and other protective barriers to help identify the most effective tools to protect teams and visitors.
The healthcare industry continues to see rapidly evolving cyber threats, including the increasing sophistication of phishing attacks and ransomware. To reduce the possibility of cyberattacks and privacy breaches to our IT systems, our Cyberthreat and Incident Response Team monitors our network, builds firewalls, deploys intrusion protection tools, and encrypts and restricts access to protected information. We evaluate our systems by conducting audits and contracting with independent specialists. We also protect medical devices from threats and map how devices communicate to provide protection mechanisms.
Given our work's critical nature, we must always have access to IT systems. Should a power outage or a network disruption occur, users can securely access critical systems from any location with internet access. We also have backup power supplies, data centers and alternative telecommunications channels to share and receive information continually. Redundant systems help protect critical applications and data from major natural disasters or physical security threats.
- Increased the use of zero-trust security models, which verify the identity of users and devices before granting access to sensitive systems and data.
- Expanded multi-factor authentication to provide an extra layer of security for accessing critical systems and data.
- Implemented robust security systems and processes to help detect and prevent phishing attacks and continued training employees on how to identify and report these attacks.
- Deployed cyber vaulting services to store sensitive information and protect against data loss securely.
- Increased the rigor of its due diligence and monitoring of third-party security controls.