Trust of Hospital workers – how security can be breached


surgical equipment


This blog addresses the issues that arise with employee access to confidential data, medicines and surgical equipment, and restricted areas

When patients are admitted in to hospitals, they put the trust of their lives in to the hands of the medical team who are there to help and treat them. The patients believe that no intentional harm should come to them while in the hospital care. Details of their treatments and personal information should be kept private and confidential, and in accordance to data protection acts.

A case in the USA was reported where a nurse had tampered with the patients IV bags. These IV bags contained painkillers which the nurse wanted for her own use. However, in taking small amounts of this painkiller from multiple bags using a syringe, she was transferring bacteria to each patient that was then given these bags. The nurse tampered with these bags in a storage room and not by the patient’s bedside. This act of tampering with the IV bags resulted in 23 patients being infected.

A case in Canada was reported where it was found that surgical equipment had been tampered with. In this case, the item was found before it was used; however, it could have had disastrous implications if it had been used. Sterilizing of medical equipment is carried out by more than 60 people at this particular hospital, so identifying the person responsible would be an extremely difficult task.

Several audits have been carried out on hospital devices, with the results finding that they are vulnerable to security threats, including the uncontrolled distribution of passwords, disabled passwords, hard-coded passwords for software intended for privileged device access. A password in the wrong hands can have catastrophic implications, including patients being left vulnerable to their medical records being accessed.

Each of the cases and audit mentioned above identify different ways in which harm can be caused to a hospital patient. A biometric access control solution such as palm vein can be implemented to prevent and eliminates such cases from occurring. By using a palm vein technology solution, a hospital employee is tracked when accessing highly secure areas such medical cabinets, surgery room, surgery instrument cupboards, patient rooms, and hospital computers and networks. By attaching devices to these areas, hospitals can ensure that the correct medication is getting to patients at the right time and without being tampered with. Unauthorized people will no longer have access to hospital computers; a palm scanner connected to a computer acts as the sign-on mechanism for the user, without any password required. This method for logging into a computer can also be extended to applications on the computer or hospital network.

The use of fingerprint authentication is not a suitable or reliable form of authentication for use within hospital environments. Fingerprints are worn away over time or can be damaged by cuts or burns. Unlike palm vein technology, fingerprint authentication is not a contactless form of authentication. Hospital workers would be required to touch a glass panel in order for the reading to be made. This makes it possible for viruses and bacteria to be transferred.

The palm vein solution is a highly secure and contactless biometric solution that works by reading the vascular pattern of the palm. These patterns are unique to each individual and exists underneath the skin layer so they cannot be forged thereby making it more secure than any other biometric device. Being contactless and technologically advanced, it is extremely appropriate government workers, authorised personnel and third-party contractors where security cannot be compromised.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on