Security Innovation Awards Silver Medal: Leadership and innovation merge to secure Houston-based hospital system

Major security retro fit for legacy systems for 13-hospital group in Houston


The plan resolved the various issues of disparity, operational inconsistency and offered a long-term savings on licensing fees. The plan also presented new challenges, both technically and logistically.

We formalized three main objectives. They were to:

  • Obtain buy-in from various organizational business units.
  • Utilize existing network infrastructure for fault tolerance and resiliency.
  • Maintain 24/7 operational effectiveness throughout the conversion process.

After identifying the objectives, the team conceptualized the solutions road map, which included:

• Upgrading the access control software to support centralized management across multiple locations, which meant replacing the antiquated access control product previously installed at the Texas Medical Center with C•Cure 9000.

  • Install Hugs and integrate it with the C•Cure 9000 system.
  • Rebuild command center at Memorial City Hospital.
  • Include new top-of-the-line computers and associated hardware and software components for a scalable, long-term video management system.
  • Include a new video wall and new desktop monitors.
  • Upgrade command centers at other locations.
  • Rebadge all staff members, which included updating databases, deleting unnecessary entries and editing the partitioning for every badge-holder.

Unfortunately it’s common for security directors to feel we can’t afford the solutions we need or that we will not be able to get approval for our plans. But we were able to get the plan approved by following several strategic courses.

Among the most important was working to eliminate the turf battle by reminding people our intentions were aligned with the needs of the organization and that the proposed methods supported our initiative. We also spent time educating the decision-makers on the pros and cons of the current system implementation and on how our proposed design would enhance the current level of security and situational awareness.

We highlighted the cost savings, factored in new efficiencies and developed a long-term budget, which created a strong financial argument. And finally we demonstrated efficiency and effective utilization of manpower.

We were successful and obtained the necessary approval to execute a 3-year FOCUS Agreement at $650,000/year including systems remediation, guaranteed response and basic system administration.

 

Deployment

James Wright and Daniel Hickman were the leading Tech Systems engineers assigned to our conversion project. It didn’t take long for the mistakes of the past to emerge.

First, we identified what technology was there and determined what was working and what wasn’t. Then we dug into the individual systems and found a lack of standardization for data input and management. Together we developed a congruent method for the data input and maintenance.

Upgrading a legacy security system comes with many unknowns. The performance and wiring for each of the access control and video surveillance components needed to be tested and assessed to allow Tech Systems to perform the necessary updates and replacements.

We also discovered that four of the 13 locations were not on the Memorial Hermann corporate WAN. This presented a major challenge to get the IT department on board with expanding the corporate network to accommodate our request to converge the security system.

The IT staff was initially reluctant, but cooperated as every department became aware of the need for this transition. Greg Trautman and Carol Hawthorn of Memorial Hermann IT staff were integral to this process and continue to work closely with Tech Systems for the ongoing conversion process and necessary maintenance.

The architectural challenge we faced was adherence to Memorial Hermann’s policy around virtualization. We took an innovative approach using a Microsoft SQL Server in a Geo-Cluster configuration. This provides a complete failover solution and in-house redundancy. The benefit is that system failures can be recovered very quickly, sometimes seamlessly. The Memorial Hermann IT staff could better control and manage the resources they allocate to the security system by monitoring the workload on the database.