WellAware Blog

Cameron Archer
June 09, 2020

Why Building Management Systems Put Your Hospital At Risk

The most important mandate for any hospital is to deliver the best care possible for patients. While medical professionals are absolutely critical to this mission, many leaders overlook the importance of having a reliable building management system (BMS). 

When these systems don’t work as intended, hospitals are at risk in many ways. Patient care can suffer at the hands of faulty biomedical equipment and harmful environmental conditions. Service revenues can plummet, and costs can skyrocket over unanticipated maintenance issues. Catastrophic safety incidents and cybersecurity breaches can also occur at any time.


Mitigating these areas of risk is crucial for any hospital. Doing so requires transitioning away from a BMS with partial coverage to managed services that provide end-to-end protection and help facility leads optimize physical infrastructure over the long term.

What Are the Specific Areas of Risk?

As alluded to above, there are several areas of risk that are closely tied to BMS performance. Facility leaders must have a thorough understanding of all of them to guide their hospitals to better solutions.

Patient Care Risks

Building management systems have a tremendous impact on patient care. 


BMS are designed to monitor and control critical equipment and infrastructure in a healthcare facility. Failures can impact critical facilities equipment, including HVAC systems, plumbing, and medical-quality air, gas, and water. Poor ventilation can harm already-sick patients, and warm temperature levels can promote bacteria growth, increase humidity levels, and enable diseases to spread more quickly.


BMS failures can also indirectly harm patients by interfering with biomedical equipment, such as MRIs, patient monitoring systems, or surgical tools. Without power or supporting infrastructure, these machines are, at best, completely useless, and at worst, a danger to the patients they are designed to treat. Physicians can’t run diagnostics, perform procedures, or evaluate the effectiveness of certain treatments without properly functioning facilities equipment that supports biomedical equipment.


Often overlooked, lighting also plays a role in patient outcomes. Hospitals must be able to control both natural and electric light exposure. Light levels influence mood, direct absorption for chemical reactions, and sleep.


Although some of these scenarios may seem obvious, it’s not uncommon for hospital leaders to overlook the value of having reliable BMS to control environmental conditions. 

Financial Performance Risks

Another area of risk related to BMS quality is financial performance. 


Without quality monitoring systems, facility leads can’t mitigate expensive bill-above events that cause overspending on maintenance budgets. Hospitals may also miss out on revenues from surgeries and imaging procedures, which are two of the biggest financial drivers for healthcare institutions. According to ASC Review, general surgeons alone can generate nearly $3M in net revenue for their hospitals, on average. 


BMS should help facility managers predict downtimes and maintenance needs for all crucial equipment, not just select machines. Many leaders mistakenly think they are more protected than they really are because they monitor the biggest, but not all, systems in their hospitals.



Staff Safety Risks

Spotty BMS can also put staff members at risk. 


Our team recently surveyed a hospital that had a chiller explode near a service pathway. Fortunately, no one was hurt. However, the event could have been disastrous. We learned that the chiller was not connected to the hospital’s BMS, and the scheduled manual health checks failed to identify the root cause. Although rare, these types of incidents must be avoided at all costs.


As mentioned previously, air quality is important for both patients and staff. Airborne contaminants can have a debilitating effect on caregivers, who may need to miss work entirely due to respiratory issues. Ineffective ventilation systems can even reduce productivity for administrative staff who are responsible for billing, scheduling, and more. Caregivers also need good lighting for record-keeping, surgeries, and medication management.

Cybersecurity Risks

Finally, poorly designed BMS can create major cybersecurity problems for hospitals. Open ports, weak firewalls, and vulnerable network structures can all expose sensitive patient information. As hacking attempts grow more sophisticated, facility leads must ensure their BMS have robust security measures in place. 


To illustrate this point, consider what happened to Target in 2013. The retailer’s massive data breach occurred through the company’s BMS! Hackers gained access to millions of credit card numbers because Target failed to protect its facility management software. 


Another way that legacy BMS can fall victim to cybersecurity attacks is through weak credentialing. Facility managers sometimes fail to set new passwords and usernames for various systems, which can then serve as attack vectors that put protected health information (PHI) at risk.

Why Building Management Software Exposes Risks

BMS expose hospitals to risk in large part because of how they are implemented and managed. Facility leads fail to integrate or upgrade their systems consistently, which creates vulnerabilities over time.

Coverage Risk

Many building management systems don’t have the capabilities to connect to every type of machine used in the healthcare setting. Some software simply cannot support the vast array of makes and models in use today. 


In other cases, the primary issue is that original equipment manufacturers (OEMs) favor specific brands and purposely exclude others. As a result, hospitals can’t gain complete visibility or coverage over their infrastructure without investing enormous capital.


Regardless, a failure to integrate every critical piece of facilities infrastructure into a BMS can lead to undetected failures, which in turn lead to negative care or business outcomes.

Capital Risk

The cost to maintain and upgrade BMS can deter many from making the updates they desperately need. Many hospitals fail to factor in the total cost of ownership (TCO) for their monitoring and control systems. They focus on upfront hardware, setup, and software licenses, which fall under the capital budget, rather than on maintenance (AKA operating) expenses. 


Leaders tend to wait to upgrade their BMS until they gain capital approval to purchase or upgrade equipment, which may only happen every decade or so. Consequently, many hospitals struggle with interoperability, reliability, and security issues as their BMS fall behind.

Security Risk

BMS can serve as viable attack vectors for reaching sensitive hospital information, such as billing or electronic health record (EHR) data, even if the systems aren’t directly connected.


Unlike data centers and other IT infrastructure that are optimized, automated, and monitored regularly, BMS does not receive the same level of support or oversight. On-site facility managers often don’t have the expertise or power to ensure their BMS meets minimum security requirements. For example, in 2018, the Tridium Niagara platform, which is used in over 20,000 BMS worldwide, was identified by the FBI as a potential access point for hackers through a specific, known port open to the internet. 


Staff may also mistakenly use the same credentials across multiple systems, enabling hackers to access different databases with a single set of login credentials. Hospitals that don’t have adequate IT security and data transfer practices can easily overlook these issues.

The Benefits of Managed Services

So, how do we overcome the risks and shortcomings of BMS? 


Managed services. 


With managed services for facilities management, hospitals can gain control over all hardware, software, networking, and support. Facility managers can connect to every type of equipment and don’t have to worry about layer complexity.


Managed services often come with guaranteed data streams that are covered under service level agreements (SLAs), which tend to include definitions around data quality and security. Overall, they generate higher-quality data and support more connections to more machines. 


Hospitals benefit by being able to deliver quality patient care outcomes without having to worry about equipment or facility-level failures. They can mitigate downtime, preserve valuable revenue streams, and bolster security against cyber threats. 


At WellAware, we help hospitals and healthcare leaders take advantage of managed services through the power of the Internet of Things (IoT). Our experts understand what it takes to build platforms that connect people to assets, thus empowering them to operate more safely and efficiently. 


Want to learn more?


Let’s talk.


- Team WellAware