Nov 22, 2018 in Medicine
Vulnerability Assessment of V.A Medical Hospital

A vulnerability is a gap or weakness in a security platform that can be an exploit by threats to gain unapproved access to the assets. Vulnerabilities might offer a chance to attack the assets. Vulnerabilities can be physical, technical or operational. Healthcare safety professionals are enduring to update and enlarge their threat assessments with occasions such as avian flu and natural disasters. Meanwhile, the main threats that affect hospital assets include patient’s abduction, unauthorized access and ordinary crimes. Vulnerability assessment, on the other hand is a logical method used to evaluate the facility’s safety posture and scrutinize the efficacy of the prevailing security platform at the facility. The elementary process of a vulnerability assessment initially defines what resources are in prerequisite of defense by the facility’s security suite. It then ascertains the existing security measures in order to protect those resources and defines the gaps in the existing protection. The basis is a satisfactory methodology, which that can be cast-off for budget deliberations, personnel apportionment, capital expenditures, and procedural guidelines.The essence of this paper is to discuss the process of vulnerability assessment in a hospital.

The evaluation of the vulnerability will take place at the V.A Medical Hospital located in Montgomery Alabama. It will consider the different aspects such as communication, information technology, water and power supply systems. The purpose of this vulnerability assessment is to provide the hospital personnel with appropriate ways of mitigation of the occurrence hazards such as hurricane and fire outbreaks. Hurricanes, for example, occur chiefly during a distinct period i.e. from 1st June to 30th November. The rationale for selecting the V.A Medical Hospital is based on it being a focus of a flourishing medical center; it would be the best to offer the proficient services in an event of a disaster such as a hurricane.

Type of your assignment
Academic level
The vulnerability assessment will be geared towards providing safety to the most vital assets such as by reducing the violent crime opportunities to defend people in the hospital. It will also emphasize the full range of opportunity-reduction strategies for all vital assets, which could be affected, in case a hurricane occurred. The assessment process will avoid under all costs prioritizing threats, which might otherwise result in limiting the scope. The assessment team should come up with a well-documented mission statement, which will be the main driving force of the whole process. The mission statement will identify the participants and clearly outline both the general and specific objectives of the assessment. The stakeholders will include the person who owns the hospital, all the health workers, and the whole community and society. The mission statement will identify the key issues that are of interest to all the participants. The mission will be to perform a vulnerability assessment, which identifies hazards on the hospital milieu. The hazards could adversely affect health workers, visitors and patients, and the security gaps that exist and opportunities for breach in security.

Another key part of the process is project administration, whose manager will be the team leader. Project management will define the scope of the assessment, and come up with a project work plan, milestones and timeline. It will also refine the security survey for the divergent requirements of the hospital. When piloting the duty, the assessment crew will reflect on a few major points: how a rival can execute an explicit type of attack against a particular asset or groups of assets. They will also consider how effective prevailing security procedures are in preventing, sensing, and delaying the particular attack; the existing level of susceptibility. The team to carry out the vulnerability assessment will consider the following in their final report i.e. the number of patients in the hospital, structural reliability of the hospital, the site of the hospital and the distance to the disaster services. The team will also take into consideration the redundant power supply, any barriers that might be present, and provision of external lighting. The attack methods to be considered will have been established through the threat assessment. The methods are then cast-off in combination with targeted asset lists to evaluate vulnerabilities centered on preset performance metrics or in contradiction of the recognized security guidelines.

The assessment will include both the security personnel and people who are well conversant with the hospital such as the doctors, nurses and specialists. The importance of this is to guarantee that the data collected and analyzed is accurate which will enhance the accomplishment of the objectives of the whole process. The project manager should also be well acquainted with the several assessment methodologies. Often the assessment team includes external personnel such as consultants experienced in conducting assessments for various types of the facility and exposed to other security systems. One of the chief benefits of an external consulting firm is the wide range of security strategies they bring to current vulnerability assessment.


Consultants, usually, tend to have more experience compared to internal personnel in carrying out the vulnerability assessment because of their experiences in divergent similar facilities and through the process of trial and error. It is due to this reason that consultants such as the engineers will be involved in the evaluation process to ensure effective reaction to hurricanes that would possibly affect the V.A Medical Hospital. The evaluation will be a scenario-based vulnerability assessment, which evaluates vulnerability by considering how the hazard will affect the hospital and community members. In this case, a hurricane would result in the destruction of hospitals, disruption of routine health services and preventive measures, large spontaneous or organized population movements, and long-term upsurge in morbidity and mortality.

The scenario-based evaluation process will involve several steps, which include the selection of the scenario to evaluate; study the features of the target’s or assets; evaluation of the various types of adversaries and attack modes. It will also include the evaluation of the likelihood of the existing security measure’s ability to deter, delay and detect the attack. Furthermore, it will analyze the consequences of the assets loss, damage, or destruction, and assigning the rating of the vulnerability. Scenario-based assessments are beneficial in that they are more appropriate for assessing high-cost assets and high magnitude threats. Unfortunately, this benefit also generates a problem whereby hazards with lesser impacts are not taken into account and security measures not executed.

In addition, there will be the application of a threat-based vulnerability. It focuses on the several types of threats that tend to challenge hospital practitioners. In most instances, the threats that in consideration will be those with high impact but low frequency such as sexual assault of patients, infant abduction, and regional emergencies such as hurricanes or terrorist attacks. The hospital ought to put in place more closed circuit television system (CCTV), which can detect such adversaries. Scrutiny of the CCTV should happen with direct communications to the security response force to ensure that such hazards do not occur. The threat-based assessment evaluates the vulnerability by taking into consideration how patients may be abducted, how to prepare the hospital if the stock chains are suspended for a long time, or how the loss of utilities will affect patient care. It requires a conversant assessment crew who has a good understanding of historic events at hospitals and has the aptitude to predict future events, specifically conceptual threats.

The emergency department of the V.A Medical Hospital should monitor the regional and national weather forecasting services dispatches on current weather conditions. The department should also maintain communication with Miami-Dade County’s Emergency Operations Center. Any actions aimed at response to emergencies should be properly escalated as conditions warrant. The hospital should aim at alleviating the vulnerability of its facilities and members from injury, loss of life, damage and loss of possessions resulting from a hurricane while upholding a high level of patient care. It should also prepare for efficient and prompt response and rescue activities in order to preserve lives and protect the safety, health and the overall well-being of the inhabitants of Miami-Dade County. In addition, it should be an aid in recovery from various emergencies by offering orderly and rapid implementation of rehabilitation and restoration of public health trust labelled departments, facilities, and property affected. It should also assist in anticipation, prevention, recognition, and alleviation of emergencies whose trigger or intensifier may be insufficient planning.

The vulnerability assessment will process the security programs efficacy against the valid security metrics and offer recommendations to the overall security decision makers for improvements. The vulnerability assessment will help the main decision makers to define the necessity for additional protective measures, alterations in policies and techniques, equipment upgrades, and workforce needs. The comprehensive hospital vulnerability assessment will give the main decision makers and the managers the chance to make forthcoming planning resolutions. The vulnerability assessment at the V.A Medical Hospital will lead to improved life safety, promotion of continuity of operations and protection of assets such as the laboratory and imaging equipment. The goal of promotion of health care and offering effective and affordable health services at the time of occurrence of disasters will be accomplished.


Related essays