How Organizations Are Securing Smart HVAC Systems
Since Internet of Things-enabled HVAC systems are connected to networks, facilities and engineering managers say they work closely with IT on security and software management.
At MaineHealth, for instance, Maine Medical Center’s IT department uses multifactor authentication as part of its security measures, says David Neely, the center’s senior director of plant engineering. The building automation software is also installed on redundant servers, so if one fails, the backup keeps operations running, he adds.
Houston Methodist’s IT department installed Cat5 Ethernet cabling throughout its 950-bed hospital to connect the new HVAC equipment, including smart thermostats. As part of its security strategy, facilities staff can only log in to the building automation software from the intranet, says James A. Law III, Houston Methodist Hospital’s manager of facilities management services.
The Mercy Technology Services department combined hospitals, clinics, pharmacies and other facilities into three regions to reduce the technology footprint and consolidate configuration needs, says Dan Henke, vice president of information security at Mercy.
HVAC applications moved to Mercy’s primary data center, with added physical, technical and administrative controls. MTS then converted all the systems’ authentication into a single Active Directory domain, he says.
“Mercy adheres to the principle of least privilege, restricting access to users who need it to complete their required tasks,” Henke says. “We accomplish this by using a strong identity access management program.”
EXPLORE: Senior care organizations are working to achieve sustainability goals.
Houston Methodist Improves Patient Safety and Comfort
The upgrade to a smart HVAC system allows Houston Methodist to better control temperature, air quality and energy usage. “We have critical areas like operating rooms, isolation rooms and biosafety level 3 labs that require constant monitoring of critical environmental conditions that we could not do with a pneumatic system,” Law says.
Fifteen years ago, Law says, about 70 percent of the hospital campus used an old HVAC system with pneumatic control. The other 30 percent used a legacy digital system with electronic actuators to manage pneumatic valves.
But five years ago, he presented hospital leadership with a 10-year plan to modernize to a new smart HVAC system. Today, 90 percent of the system is upgraded and digitized. Through building automation system software, Law and his staff can control, manage and monitor settings anywhere, including operating rooms, isolation rooms and MRI rooms.
For example, isolation rooms with infectious patients must have negative air pressure to prevent the spread of airborne illnesses. Before automation, staff used smoke bottles to manually test air pressure, he says: “We could only do that maybe once a day or every three to four days. But with automation, we can monitor the air pressure every minute.”
Though Houston Methodist presets room temperatures, the hospital does offer local control, so patients and staff are comfortable, Law adds. Thermostats in patient rooms can adjust temperatures to as low as 68 degrees and to as high as 74.