Cybersecurity Priorities for Healthcare in 2023

By Troy Ament, Fortinet Field CISO for Healthcare

The past few years have been tough for healthcare. Organizations have faced spikes in the pandemic and constant shifts and challenges. During the first wave of being on the front lines of the pandemic, many healthcare organizations had to reinvent or invent patient treatment plans and clinical guidance, build testing centers, expand inpatient capacity and dramatically expand virtual visit platforms.

All of these digital initiatives have security implications, and healthcare is facing increasingly sophisticated cyber threats and network security complexity. We asked Troy Ament, Fortinet Field CISO for Life Sciences and Healthcare, for his thoughts on cybersecurity priorities and the threats healthcare organizations are facing in 2023.

Q: What technology changes are you seeing in healthcare?

Troy: Before I joined Fortinet, I worked for a large health system with over 4,650 hospitals and more than 60,000 employees. We were only doing 100 virtual visits per month. Now that same organization is doing over 45,000 virtual visits. There’s been a huge step forward for the healthcare ecosystem in terms of technology. After that, it was a heroic effort to vaccinate almost four billion people across the globe, which is just tremendous. These initial challenges during the pandemic continue to evolve and adapt and leverage new technologies and digital transformation. There are a few that I just want to touch on specifically.

The first is workforce mobilization. At my organization, we moved more than 6,000 people home in two weeks. We also had to manage data analytics and data sharing to provide information to state, local, and federal governments about infection rates and vaccine administration and adoption rates. Within our organization, we had to use a lot of data analytics to know where we were from a personal protective equipment (PPE) and intensive care bed rate perspective.

All the billions of doses of vaccines that were administered ended up putting a big target on the back of many healthcare and pharma organizations. Amid the vaccine rollout success, there’s that darker side, as adversaries track and take inventory of digital changes in healthcare and look at ways they can monetize their attacks.

Q: What challenges and threats are you seeing?

Troy: From the beginning of 2020 up until maybe the first half of 2020, adversaries weren’t attacking the provider space as much. But as they saw the acceleration of digital transformation and health systems becoming focused on COVID-19, they recognized the opportunity, and there was a dramatic spike in ransomware attacks. The attacks successfully disrupted operations during a time when health systems were extremely challenged, just in staffing their hospitals and having enough PPE. So, the adversaries were successful in forcing health systems to pay tens of millions of dollars in ransomware. Organizations couldn’t continue to be down because it affected patients’ ability to get vaccinations and test results.

But it didn’t stop there. The challenges went beyond the four walls of a health system. Over the last six months to a year, cloud application providers are more prevalent. They provide critical applications to health systems, such as payroll, staffing and scheduling, revenue cycle and billing. And then, more recently, electronic medical records have been impacted. Now adversaries are going after larger cloud application service providers that should be taking a comprehensive security approach with zero-trust solutions. Zero trust is based on the concept of verifying users, devices, and data at every access point.

Q: Reliability and safety are paramount in healthcare. How are your customers making different choices to enable cyber protection in healthcare?

Troy: First and foremost is foundationally embedding security into the business practice. Even when a business wants to quickly adopt new technologies or clinical workflows, security needs to be embedded into those workflows. And then adopting a mesh-type architecture approach to security. It’s important to have a comprehensive, integrated approach to security that includes zero trust.

Right now, we’re seeing much higher adoption of multifactor authentication and having zero-trust solutions embedded into networks to minimize the impact of an attack. Healthcare organizations are doubling down on security because they’re starting to understand it better. The health systems that have become more mature within security operations to get in front of or limit the damage of attacks are being successful, and that information is spreading through the industry.

Learn more about the latest healthcare cybersecurity solutions by visiting the Fortinet Healthcare Team at ATA2023, Booth #1304. 

Troy Ament, Fortinet Field CISO for Healthcare, has more than 20 years of experience transforming information technology and security programs, including 14 years in the healthcare sector as an executive overseeing clinical technology implementations. Before joining Fortinet, Troy served as Chief Information Security Officer at Beaumont Health and Director, Chief Information Security Officer at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance (GRC) Teams.
