Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

Caroline Ramsey-Hamilton

Joint Commission Reports on Shootings in Hospitals

Some of the most horrific shootings we see occur in hospitals.  Because most people still think of hospitals as “places of refuge”,  it is always a big shock when some kind of violence or shooting occurs in a hospital, especially gun violence.

With so many active shooter incidents in the US in recent months, the Joint Commission recently released information about the number of shootings in hospitals, and found that,

They analyzed a total of 154 hospitals shootings, which took place between 2000 and 2011.  They found that 59% of the incidents took place inside the hospitals, and 41% took place outside on the hospital grounds.

Of the 59% of incident that happened INSIDE the hospital, not surprisingly, about 30% took place in the Emergency Department, and 19% in the patient rooms.   We all remember the John Hopkins incident that occurred in a room where the shooter shot his mother’s doctor, and then locked the door and killed his mother and then committed suicide.

Of the 41% of incidents that took place outside, but on the hospital’s ground, 23% took place in the parking lot, which underscores how important it is to have a designated manager for the parking facilities.  We have seen stories about a man in Tennessee who had a meth lab IN HIS CAR in the hospital parking garage, and the poor baby tossed off the roof of a parking garage.

The 154 hospital shootings resulted in a total of 235  people who were Injured or who died in the incident.   The most common
victim was the perpetrator (shooter) and that accounted for 45% of the people injured or killed. 

Another 20% of the victims were the hospital employees, including physicians (3%) and nurses (5%).

hospitalhallway2-tiny
Another interesting highlight of the report, was that 50% of the shootings that took place in the
emergency departments were the result of the shooter taking the security officer’s gun!
The dramatic increase in Active Shooter incidents, including the Washington Navy Yard Shooting, the LAX
shooting and the Sparks middle school shooting all illustrate that the trend is moving toward more incidents per year, and more people dead or injured in each incident.
For example, from 2000 to 2004, there was, on average, only 3.8 active shooter incidents per year.  Then,
from 2005 – 2010, the average number of incidents per year increased to 11 incidents a year, and from
2011 to 2013, it jumped again to an average of 17 incidents per year, which is over a 300% increase from 2000.The statistics clearly show the trend of increasing gun violence in our society, and until society can find a way to reverse
the trend, hospitals will be looking at the possibilities to stop the violence at the door to their emergency department.

 

Source for hospital shooting data:   Hospital-Based Shootings in the United States: 2000 to 2011 by Gabor D. Kelen, MD, Christina L. Catlett, MD, Joshua G. Kubit, MD, Yu-Hsiang Hsieh, PhD

 



The LAX Shooting and the Active Shooter Threat

With the 3rd Active Shooter incident in less than 45 days, you are probably wondering what is happening here?  Why are we having so many active shooters?

There are not any easy answers, but one thing is certain, all the shooters in the Navy Yard Shooting, the Sparks Middle School shooting, and the LAX Shooter all suffered from psychological problems.

In the LAX shooting, the shooter ‘s parent had tried to contact the police because of a suicide text they had received, but it was already too late.

Police red tape being what it is – thorough, the urgency was lost and the incident was already in process before anything had been done.

BUT NOTE: The text was a HELP ME.  And it was noticed, but not followed up in time.

All these shooters had major mental issues, that people had noticed, and
that people had remarked on, and that people had worried about.

We don’t know where all the guns in the incidents were purchased, or just picked up at home and taken to the scene.

BUT we know that most of the active shooters had mental issues, which means that the screenings must be approved, and more help available for these individuals, before they can kill or hurt others.

 



New Active Shooter App Announced on October 20, 2013

FOR IMMEDIATE RELEASE

New Active Shooter app released to reduce likelihood of an Active Shooter Incident.

Active Shooter incidents have increased both in the number of incidents, as well as the number of people killed and injured in the last five years.  As an aspect of  workplace violence, the active shooter has become is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 injuries were annually during this time.

The latest figures show that high-risk organizations like hospitals, schools, malls, universities, military installations and even hair salons have experienced an active shooter incident and are likely to have a dramatically increased risk for experiencing an active shooter incident in the future.

Risk & Security LLC has released a new web-based app, Active Shooter Risk-Pro©, which offers an easy to use risk assessment program that assesses your organizational risk of an active shooter incident, as well as recommending solutions to prevent an incident from occuring in the future.

In additional to using the Department of Homeland Security (DHS) Guidelines on Active Shooter Response, the OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care, the FBI and Secret Service Guidelines on Active Shooter Incidents, and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are both included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!.  Active Shooter Risk-Pro©  is built to be affordable and simple to use.

The web 2.0 program, includes newly compiled, updated threat databases, new active shooter incident analysis metrics, and automated web-surveys based on the DHS Guidelines..

The new program gives human services and security professionals a quick and easy way to conduct a active shooter, or general workplace violence that will recommend that will pass an audit!

The Risk-Pro©  model has been used for easy software applications by the Department of Defense and over hundreds of organizations, hospitals, and local, state and federal government agencies.

About Risk & Security  LLC

Risk & Security  LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk assessment. It develops specialized programs and applications which are easy to use, affordable and which help organizations assess their risk, the likelihood of becoing a target, and which recommend cost-effective solutions.

Risk & Security offers full service consulting on critical risk assessments including HIPAA Risk Analysis, Facilities Security Assessments, Hospital Security Assessments, Workplace Violence, Active Shooter Incident Assessment, Environment of Care and more.  Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective security controls justified by return on investment metrics.

The team of risk and security experts is led Caroline Ramsey-Hamilton, who has created more than 40 software programs, and conducted more than 200 specialized security risk assessments in a variety of environments, including companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.

Contact Information:

Caroline Ramsey-Hamilton, CHS III

Email:  caroline@riskandsecurityllc.com

Phone:  301-346-9055

Twitter:  www.twitter.com/riskalert

 



DOD-OIG Report on Security Weaknesses at the Navy Yard

The recently released 56-page report by the Department of Defense, Office of the Inspector General found that the Navy Access Control System did not adequately control the risks to the Washington DC Navy Yard and other sites under their control.

NCACS did not effectively mitigate access control risks associated with contractor installation access. This occurred because Commander,
Navy Installations Command (CNJC) officials attempted to reduce access control costs.

As a result, 52 convicted felons received routine, unauthorized installation access, placing military personnel, dependents, civilians, and
installations at an increased security risk.

Additionally, the CNIC N3 Antiterrorism office (N3AT) misrepresented NCACS costs. This occurred because CNIC N3AT did not perform
a comprehensive business case analysis and issued policy that prevented transparent cost accounting of NCACS. As a result, the Navy
cannot account for actual NCACS costs, and DoD Components located on Navy installations may be inadvertently absorbing NCACS costs
.
Furthermore, CNIC N3AT officials and the Naval District Washington Chief Information Officer circumvented competitive contracting
requirements to implement NCACS. This occurred because CNIC N3AT did not have contracting authority. As a result, CNIC N3AT
spent over $1.1 million in disallowable costs and lacked oversight of, and diminished legal recourse against, the NCACS service provider.

You can read the entire report at:  http://www.dodig.mil/pubs/documents/DODIG-2013-134.pdf

 

Courtesy Caroline Ramsey-Hamilton at Risk and Security LLC

caroline@riskandsecurityllc.com

 

 

 

 



Planning an Active Shooter Drill, Why Once is Not Enough

Almost every day I get a note that a hospital or corporate facility is planning to have an Active Shooter Drill.  That is always good news because it is a critical part of preparedness that protects not only against an active shooter incident, but also prepares the staff for other emergencies, but it may not be enough.

I’ve found that to be really effective, drills need to be supplemented with short training sessions, and also awareness programs that teach staff to be on their toes, or “situationally aware”.   Security awareness training doesn’t have to be a full time job and it doesn’t have to be expensive.

One of the best ways to create an on-going security awareness program is to make a 12-month calendar, with an activity for each month, or better yet, every two weeks.   Here’s a list of activities I use:

1.  Start with a one page newsletter.  You can have the marketing department help, or use WordPress to design your
own newsletter and email it out to all the staff.  Whether your staff is 100 people or 6000 people, it’s a great way to promote the security program.

2.  Send out very short emails highlighting news items about security incidents at other companies, especially ones in your industry, for example, hospitals.  If there’s a terrible incident at another hospital, cut and paste the story and email it to everyone.  In fact, if you’re an IAHSS or ASIS member, their publications have great stories about different security situations.

3.  Use seasonal reminders.  Now that it’s late October and daylight savings time is almost over, send an email reminding staff how to stay alert when they leave the facility after dark and head for their car.  How to use the escort service, if that’s available, or how to use your keys as a weapon in a potential incident.

4.  Buy posters to put in the cafeteria, or in the elevators that serve as reminders about the concept of staying alert and aware of your surroundings at all time.

I have interviewed more than 8000 staff members in the last 10 years, and they welcome these reminders and feel more secure just because you are keeping awareness up.   Remember, it also reminds everyone that there is a Security Department, and that is working every day to keep them safe.

The Department of Homeland Security also provides free brochures and charts you can print out and give to employees, or you can email them for the staff member to print out and put in their purse.  There are wallet sized cards, and lots of other great information you can use in your own active shooter awareness program.

Check out the preliminary OIG Report, which was leaked to Time Magazine on their swampland.com site at

Read more: http://swampland.time.com/2013/09/16/exclusive-navy-yard-dropped-its-guard-pentagon-inspector-general-says/#ixzz2f6qWCshc

 

 



What’s Your Active Shooter Risk? How to Assess the Threat!

Just the idea of an Active Shooter in your organization, whether you’re a military base, like Fort Hood, and the Washington Navy Yard, or a school like Sandy Hook, a beauty shop, a cracker factory in Philadelphia, a retail mall, a movie theatre, a grocery store parking lot, or a hundred other places, is a terrifying thought.

I lived about 3 miles from one of the shooting sites, a gas station, used by the Beltway Snipers back in October, 2002.  They killed ten people, totally at random, and critically injured three others.   Both of the snipers were sentenced, and John Muhammad was killed by lethal injection in 2009.

If you lived in the DC area, do you remember how scary it was just to pump gas into your car,  people were huddled against the side of their cars in the gas stations, and hidden by their shopping carts at the local Home Depots.

The fear of the Active Shooter comes from the seeming randomness of the action, which means there’s no way to prevent it, unless you give up, stay home, and hide under the bed all day.

But there are things you can do.  Instead of thinking of an Active Shooter incident as a totally unique situation, it’s really a form a Workplace Violence, Gas Station Violence, Parking Lot Violence and other related forms of random violence.   In fact, the Department of Homeland Security has identified quite a few steps you can take to keep yourself safer if you are in the vicinity of an active shooter (http://www.dhs.gov/active-shooter-preparedness).

Most of the shooters are mentally ill.  Normal individuals do not enjoy planning and killing strangers, and it is usually a last ditch effort, with the suicide of the shooter as the grand finale.   Their actions can sometimes be identified early, and the police can be alerted, or the Human Resources group at work, or even the local Sheriff can intervene before it gets to the actual shooting.

Signs that someone is having trouble negotiating their life, especially if that someone is a gun fanatic, with their living room full of AK-47 assault weapons and hollow point bullets, is not hard to spot, because these individuals often leave lots of warning signs, like:

  • Irrational Posts on Facebook or inappropriate tweets.
  • Threats made against friends and family.
  • A dropoff in personal hygiene, as the person gets more obsessed.
  • Problems negotiating their personal life.
  • Demonstrating signs of isolation and groundless paranoia

Organizations can protect themselves from an potential active shooter through a combination of specific controls that include elements like access control, continuous monitoring of cameras, employee awareness and training programs, clear cut evaluation routes, regular active shooter drills, and hardening of facilities, to name a few.

One of the best preventive measures is to conduct an Active Shooter Risk Assessment, which is similar to other security analyses, except that it is focused on a particular set of threats related to an Active Shooter Incident.   As part of my annual Threat Trend Reports, I’ll be releasing a new set of threat data about the Active Shooter, to help organizations calculate their risk of
having such an incident.   For example, did you know that the number of active shooter incidents has jumped from 1 in 2002
to 21 incidents in 2010?

ActiveShooterIncidentsbyYear

 

 

 

 

 

 
Locations have changed, too, and we found that

About 25% of active shooter incidents occur in schools,
About 25% in retail locations, and
About 37% in workplaces.

In future blogs, we’ll be looking at each element of the active shooter incident, and providing more information to keep
your organization safe.

 

 



Chemical Security Programs Affected by Government Shutdown

CFATS is an essential defensive program to monitor the security of the chemicals used in the U.S. CFATS stands for the Chemical Facility Anti-Terrorism Standards. The program is run by the Department of Homeland Security and is vitally important because chemicals can be used in bombs and chemical attacks.

To avoid giving terrorists and possibly drug dealers access to the raw materials that are used in the manufacture of chemicals, chemical facilities, like manufacturing plants, distribution centers, etc., are supposed to be actively monitored by security personnel who are trained in chemical security.

Fertilizer chemicals were purchased to blow up the Oklahoma City Murrah Federal Building. Chemicals are in every medication you take, including sensitive heart medication, and other pharmaceuticals that mean life or death to those to take them.

Rep. Bennie Thompson (D-Miss.) said in a statement to Global Security Newswire Friday that the incident at a fertilizer plant in West, Texas, “brought into focus the need to secure dangerous chemicals against accidental or malicious release or detonation.

Imagine if a terrorist was able to insert a poisonous ingredient in a statin manufacturing plant – over 15 million Americans now take statins to reduce their cholesterol.   Or imagine a poison ingredient put into pool chemicals, or something like putting water into jet fuel. Think catastrophe!

In fact, CFATS was just geared up because of a Presidential Executive Order issued in August, 2013, after the deadly blast in West, Texas that killed 14, most of them firefighters.  The order instructed federal agencies to review safety rules and create new strategies for plants that store hazardous materials. The order also included a review of potential new guidelines to improve storage and handling of ammonium nitrate, the explosive material that caused the West. Texas fertilizer plant explosion in April 2013.

Already this week, chemical companies that had DHS inspections scheduled for this week received notice that the site visits would be postponed indefinitely. Likewise, the review of security plan documents is also expected to be frozen, as DHS employees who normally do this work have been furloughed.

A critical meeting scheduled for this week, which included industry leaders, DHS, EPA and Occupational Safety and Health Administration officials  was canceled as a result of the government shutdown, which creates prolonged uncertainty for industry regarding what new regulations they might have to comply with and whether companies will have another opportunity to weigh in on possible changes.

Now the program has been shutdown and critical employees furloughed.

Chemical security is a critical chokepoint because of the potential for major disasters, whether accidental or intentional.

Security programs should be immune from political shutdowns that threaten the safety and security of the entire country.

 

 

 



Capitol Hill Security Incident Scares Congress- Could it Happen To You?

The Capitol Hill Security Chase and Shooting yesterday gave a bad scare to everyone – including Senators, Congresspeople, tourists, furloughed federal employees and staff who still have their jobs.

The atmosphere on Capitol Hill was already so toxic that almost everyone jumped to the (incorrect) conclusion that it was
a disgruntled voter, and so there was shock when:

1.  It was a young WOMAN
2.  There was a 1 year old child in the back seat
3.  The driver of the car was not armed and mentally ill, (probably schizophrenic).

Where are you going today on a beautiful Fall Friday?  Almost anywhere you’re planning to go has had a
major security incident in the past three years…. whether it is:

A school
A movie theatre
A mall
A hospital
The office
A public building
A hair salon

And if a security incident did happen where you were, are you confident you’d know what to do?

That brief incident at the Capitol showed how in literally one minute, the situation goes from what
passes for normal at the Capitol, to total chaos, fear and terror.   The situation was handled correctly.

The communications systems were in place to send out a quick “Shelter In Place” order, and to keep
people updated.   The poor tourists and staff who were walking in the area were laying on the ground,
hiding behind trees, and had no idea what was going on – so they probably experienced the greatest fear.

The Capitol Hill police, the first responders, were probably not expecting to have the driver be a woman
with no political agenda, if you see a car trying to rush a barracide, the logical assumption is that they
have an explosive device and are trying to get closer to the target, but that was no true in this case.

So before you venture out for the weekend, keep these tips in mind, write them down and keep them in your purse or wallet.

1.  Be Situationally Aware – note where you at all times, how close a door is, or an alternate route for
your car when you’re in traffic.

2.  Spend 30 minutes deciding how you would react in an emergency shooter situation, and make a plan,
like deciding to use your car keys as a weapon, or keeping pepper spray in your purse.

3.  Remember to turn the sound off on your cell phone, if you’re caught in a developing security incident.

4.  If police are on the scene, follow their directions quickly and exactly.

5.  Have a local emergency number pre-set in your phone so you can call for help.

As they find out more about the Capitol Hill incident, this will probably be catalogued as an isolated incident,
which took place at a very inappropriate time, and a very inappropriate place, but it’s another wake up
for everyone.

Everything can change in a New York minute — be ready, just in case it changes for you!

 

 



Has it Been Only Two Weeks since the Navy Yard Shootings?

 

When i wrote my blog about the Shootings at the Washington Navy Yard on September 16th, I got some nasty notes about “Why did you have to write about this so soon after it happened?”

Well – I guess the fact that after about 15 days, no one can even remember the incident (8 people shot to death); the name of the shooter (Aaron Alexis), or much of the details.  It seems that people have decided that it was a mentally distributed person, so couldn’t have been prevented.  This is completely wrong.

One of the issues that security directors have is how to make their organization aware of the active shooter threat without terrifying them.  How do you get a large group of people out of the “It can’t happen here” mindset?   One of the main ways to bring an issue back home is by using the incident as a security awareness notice.

Write a “Lessons Learned” email and send it to everyone in the organization.  Follow it up with a purse and wallet card with reminders on what to do when faced with an Active Shooter situation.

NavyYard-smallKeep everyone informed on what happens after the incident – how the injured are doing, and more importantly, what changes the organization has made to ensure that it won’t happen again.

Try doing a simple threat-risk assessment to illustrate to management what the chances of having an active shooter incident actually are, based on the industry, the region, and the number of problems/complaints that employees have expressed in the past.

Don’t let anyone forget that this can happen to any organization, no matter how well funded, or how secure they think they are.  Remember, if it could happen in a DOD military facility – it could happen to YOU!



Navy Yard Shooting Highlights Effect of Cuts to Navy Security

Security professionals around the entire were shocked and dismayed when they turned on the news and saw the historic Washington Navy Yard locked down, surrounded by emergency vehicles, and looking for an active shooter.

All the shock, the outrage, the Defense Department reaction, the involvement of the overlapping law enforcement jurisdictions, has apparently been already forgotten by the public, moved to the virtual ‘old story’ pile by the latest news of a mall shooting in Kenya, meeting at the UN, and the politics as usual in Washington DC.

If you graph it online, you can see the dramatic spike and then the dramatic drop-off in interest by the general public. This highlights what the security community has to deal with, in the context of a 24 hour news cycle.

My perspective on the event was personal because one of my very best friends was in Building 197 that day, a former navy commander, now a contractor, who went to work at 5 am that morning, and finally returned home at 9 pm that night.  Unlike many shootings, the PCs, smartphones were all up and operational during the event, so people were instantly able to communicate with friends and relatives as the event unfolded.

NavyYard-smallRumors ran rampant that it was terrorism related, that there were three shooters, then that rumor switched to two shooters and eventually to only one shooter, Alexis Aaron, a mentally disturbed young man who had previous events of gun violence and yet had a top secret security clearance at the time of the shooting.

If we took a poll three weeks ago and asked people which facility would they judge to be the safest, the results
would probably look something like this:

1. Military Base in the U.S.
2. Hospital
3. Regional Mall
4. Police Station

Unfortunately – this is more like a list of the places where a shooting is more likely to take place.  As all the work in workplace violence statistics shows, a domestic Military Base has been the site of two mass shootings in only the last 4 years.  This includes the twelve killed and eight wounded at the Washington Navy Yard, as well as the thirteen killed and twenty injured at the Fort Hood shooting in late 2009.  That’s an average of 6 killed each year, and 8 injured, and doesn’t take into account any random shootings, training-related injuries, only the mass shootings.

Hospitals have increased in violent incidents every year for the last ten years, and we just witnessed a mass shooting at a Kenyan Mall.

However, the hospital and the mall are both completely OPEN, they want people to come in, they don’t control access at all.
This is what is so surprising about the Navy Yard shootings, the lack of security, lack of enough armed guards, lack of current background checks, lack of metal detectors, lack of retina scanners, and every other usual form of security control.

Speculation is that the key controls were missing because of budget cuts, which means that the Navy made the decision to reduce security controls, instead of cutting other, less critical programs.  The incident makes a strong case for examining the potential Return on Investment for security controls!

Even if the shooter’s background check was “current”, it certainly had not been updated based on his own recent events, and brushes with the police, and, of course, the anger and mental health problems appears again, and is shrugged off as too tough to manage and track.

However, it is a wake up call for the U.S. Navy, the Department of Defense, the U.S. Capital Police, and a variety of other organizations who “Secure” the Washington DC Capitol zone, and it leads to more questions than answers.

Already, the questions are starting about what controls SHOULD be in place for all military bases, and, naturally, re-examining the background check process and how it could be updated and improved.

Let’s not forget this time.

 

 

 

 




top