COVID-19 and Healthcare Security: Challenges and Opportunities for Building Enduring Systems of Safety


Physical distancing measures accelerated the adoption of telemedicine. To slow the spread of the virus and protect patients, providers utilized telemedicine on an unprecedented scale (Jalali et al., 2021). Some of these provider-patient contacts used non-HIPAA compliant, less secure communication technology, opening the door to a slew of privacy and confidentiality concerns. The Office of Civil Rights announced in March 2020 that it would use its discretionary powers to not enforce HIPAA rules on non-compliant telehealth communications. It also advised providers to “notify patients that these third-party applications potentially introduce privacy risks” and to enable all available encryption and privacy modes” (Kay, 2020). This decision allowed many patients to continue receiving care. However, the sudden shift to virtual medicine highlighted how typically secure technology can become vulnerable when providers and patients use it in an unsecure manner. These risks stem not just from unsecure networks or devices, but the surrounding environment (Muthuppalaniappan & Stevenson, 2020). Federal regulations, for example, fail to operationally define public and private space and the Office of Civil Rights notice did not offer guidance on maintaining secure Wi-Fi connections (Kay, 2020). Criminals seized this opportunity, exploiting the increased volume of virtual communication on unsecure devices and networks. Malicious actors targeted end-users with phishing, malware, and other hacking tactics. Cyberattacks on the healthcare sector increased by more than 100% in 2020 (Singleton et al., 2021).

In February and March of 2020, security teams and other departments rapidly adopted a variety of communication technologies. Virtual meeting applications such as Microsoft Teams and Zoom enabled enhanced collaboration between clinical and security practitioners. The technologies allowed staff to spend more time doing their regular work instead of traveling to in-person meetings. Many organizations plan to permanently adopt this innovation, as it creates opportunities for more effective coordination and shared knowledge. At the same time, it is critical that the U.S. adopt a set of regulations for this new era of telecommunication, and providers who wish to use telemedicine should complete training. Organizations should develop clear cybersecurity guidelines and ensure employees possess the competencies to follow these policies (Greene, 2020).


Both novel and renewed physical threats to healthcare settings should provide an impetus for security teams to reexamine their security strategies. Civil unrest, staff shortages, and workplace violence have increased since the pandemic began (Hollingsworth & Schulte, 2021). To properly address these threats in a prolonged crisis, security must maintain a heightened level of awareness. Sustaining this concentration level for several hours at a time takes a mental and physical toll on security officers. Security teams should avoid especially longs shifts and use strategies that reduce continuous periods of high concentration (e.g., rotating or clustering shifts) (Holden et al., 2021). If members of the security team request longer shifts to receive more off days, team leaders can assess the option of assigning officers duties that demand less vigilance (Holden et al., 2021).

For many healthcare facilities (HCFs), personal protective equipment (PPE) storage and security was a novel challenge. Many health organizations faced major obstacles scaling up purchases and storage of PPE to levels not previously seen. These facilities needed to quickly find new storage space, sometimes in areas not designed for that purpose. This undertaking required an augmented security presence in the form of technology, such as cameras and card readers, and additional security officers. The cases of two healthcare organizations provide valuable insight into some of challenges hospitals faced and the solutions they implemented. COVID-19 forced Toronto’s Baycrest Hospital to convert auditoriums and meeting rooms into storage locations (Personal Interview with Martin Green, 2021). Before the pandemic, they had a warehouse in a basement where they stored supplies. However, the influx of new supplies meant they no longer had the capacity to hold all of it. Three of the makeshift storage spaces remain to this day. Virtua Health in New Jersey needed to store a large volume of equipment outside in containers. They quickly had to find a solution for securing all of these valuable supplies. They worked with the security department, which provided officers to guard supplies throughout the day and night (Personal Interview with Bill Christie, 2021). This type of scenario should be covered in an HCF’s emergency response plan so that workers can deploy access, audit and inventory control processes when the need arises (IAHSS, 2020b). Departments worked more closely with each other than in the past to ensure security, environment of care, and clinical care objectives were met. Clinical staff also trained security personnel on the proper use of PPE. Security staff, for example, learned what purpose each kind of mask serves, how to get the right fit, and basic safety measures against infection. Officers were also outfitted with “utility belts” to ensure they always had access to key protective equipment (Personal Interview with Marc Sano, 2021).