Health Centered Network Security
Healthcare organizations face mounting cyber threats as their connected ecosystems grow, requiring security approaches that balance protection with innovation
This story was produced through MarketScale. See how Healthcare teams put it to work with Executive Thought Leadership.
Key takeaways
Healthcare organizations face mounting cyber threats as their connected ecosystems grow, requiring security approaches that balance protection with innovation
The expanding healthcare ecosystem introduces new windows of opportunity for increasingly sophisticated bad actors and ransomeware threats. Join Troy Ament, Industry Leader, Healthcare for Palo Alto Networks and Verizon's Robin Goldsmith as they discuss the ever evolving threat landscape and strategies for creating secure platforms to support healthcare innovation.
Video TranscriptExpand ↓
Better, smarter, faster. The future of connected health care relies on a powerful digital ecosystem and robust neural network to drive better diagnostics, intelligent operations, and seamless care anywhere. Join us as we talk to the experts about transformational road maps for this evolving landscape, what's working, what's needed, and how we get there together. Welcome to health care on air, presented by Verizon. Everyone, welcome back to health care on air by Verizon. I'm your host, Robin Goldsmith, global lead for health innovation and strategy here at Verizon Business. So as you can see, we're here at five twenty twenty four in Los Angeles, California. An incredible show, really a gathering of health care innovators, leaders. And I think I'm really excited about this next conversation because we're gonna be focusing on security, why it's important for health care. So without further ado, Troy Aimek, industry leader for Palo Alto Networks. Welcome to the show. Yeah. Thanks for having me, Robin. It's a it's a pleasure, and I think the timing is very ripe for this conversation. It's always right. It is. So tell me a little bit about you, your fairly new bowl in Palo Alto and, you know, kinda what you're where you're looking at at Palo Alto. Yeah. No. Excited about my new role. I've been in health care most of my career, but mostly on the customer side. So transitioned, just in the last few years from twenty plus years on the customer side. I was the chief information security officer at two of the largest health systems in the US. Now bringing that to my new role here at Palo, and couldn't be more excited about the engagement that I have with customers, our go to market strategy, our product strategy, and, you know, just really diving in with each one of our customers, looking at their cyber challenges, looking at emerging threats that are changing every single week. Yeah. And, it's an exciting time. Absolutely. Well, let's start. So you I think it's fascinating because you twenty years on the provider side. I know you worked at Sanford for a lot of years. So, you know, given that experience coming from the provider side to a technology company, what made you let's start with what made you make that that transition? Yeah. So I get to see a different customer or multiple customers every single day. Right? So it's a new challenge every day, multiple challenges every day that I get to help out customers. And I get to solve inside and outside of the provider space. So I can be in the payer space or the connected medical space, which, connected medical specifically is a big passion of mine. I've, you know, worked on Capitol Hill for many years with regard to setting policy and direction, giving guidance to the challenges that we were having as practitioners in health care and really streamlining or setting forth some of the policy that we've seen come to light over the last year. Now we're doing that on the provider side even more. Right? Emerging threats are affecting political operations. So my role here at Palo is really to evangelize that within the the organization, help out our teams and other, companies, solve for their security challenges, and, provide that thought leadership. Yeah. Yeah. It's I I I I'm very privileged. I get to work with a lot of health systems across the country. I'd love to hear your perspective. I mean, I think compared to the finance industry and retail, why is it that the providers are just so much in the in the news these days? I mean, it's unfortunately, you see ransomware attacks, DDoS attacks. More and more, it seems like every week someone's being taken down by these attacks. Why is it, you know, why is it so much in the news these days? And what can providers really do to what should they be thinking about with the ever evolving threats? Yeah. You know, so providers are in an interesting spot. So before I was a CISO at Sanford Health, I helped lead our epic implementations. Right? So we did digital transformation for many, many years. You know, bringing that digital transformation was changing workflows for physicians. And those workflows are integrated into the operations now that secure or that those technologies are ultra important for every workflow within the patient environment. Everything from admitting a patient all the way to discharge. So now what we're seeing is the adversaries are looking at that scale of digital transformation and seeing opportunity. You know, we talk about ransomware. They know that if they target a large multibillion dollar health system, shut down their operations so that that they're not able to, you know, one, provide great patient care, which is core to all of their missions. But then two, significant impact to the revenue, significant impact to their brand. Health care systems compared to financial services is much different, much more complex, much more different operating environments, a lot of technology debt. So that compounded with the adversaries starting to understand their operations and their back end systems, is creating a target. Yeah. What are the you know, we we hear about, you know, social engineering a lot, which is kinda something I learned about recently. What do you see as, like, the biggest threats that are taking down health systems even back to, you know, pen and paper in some cases just to keep the shop running. What are you seeing is, like, the biggest trend that that's happening to with these with these events? Yeah. You know, so the adversaries in the last couple years have really increased their sophistication. Yeah. And I think what most of our, you know, health systems are seeing now is they're taking that sophistication and they're the adversaries are adding automation on top of that. So now they've got the sophisticated attacks, which are very hard to stop, especially when they're, you know, executed by nation state organizations. On top of that, you had automation. So last year, attacks were down. Sophistication was up. This year, we're seeing the same sophisticated attacks, but the automation adding a whole another level of number of attacks. Yeah. It's and, no, I know it's daunting. I'm I was just thinking about you mentioned medical devices. I think we're adding more and more devices into Yeah. You know, hospital environments. And we're also, you know, from the rise of wearables and, you know, pacemakers and medical devices in the home. I mean, to use kind of your terminology, those are windows for bad actors. Right? They could be hacked. They're just another entry points that need to be secured. Mhmm. And with the rise of all these new access points, you know, what's how do you and Palo Alto kinda help secure those kind of type type environments? Well, I think it starts with understanding that environment. Right? Our team is very dedicated to health care. We've got practitioners across the board along our engineering team that deeply understand those workflows and those new devices. Now what's really important to that end is this transformation that health systems continue to do with bringing new devices or bringing new partners. Third party risk is certainly a significant, challenge for organizations. So many vendors, so many different connected medical devices. So having a really strong third party risk risk assessment program, and then layering on top what I would consider foundational security practices that are done in and out of every security project. Things like multi factor authentication, defense in-depth. But to that end, I think the biggest transformation that we're seeing at Palo Alto Networks now is really building on top of a platform, much less point based solutions and moving to a platform approach and making things much more simple. Yeah. That's where our customers are having the success. That's what they're demanding, and that's what we're bringing to market. As as a lot of the work you do is kind of educating those those folks, You know, I think a lot of these threats happen from phishing and, you know, and and vishing and now QR, vishing. They Those are all and and I think it's a lot of, like, internal folks even. And I know Verizon, we do a lot of training on what how to identify it. But as these you mentioned that these are getting more more advanced. You've got AI coming in that's gonna make it even more challenging. How are you kinda educating the workforces and putting in place, you know, systems and and protocols to to align with this ever evolving threat lens? Yeah. Yeah. So we're educating our customers every day on what health systems are experiencing when they have a breach. We go in and do tabletop exercises and show them the pain points of what it really looks like when Yeah. The bad stuff happens. Right? And then we back that up to where they're having success and where they've got challenges and need to remediate. You know, so I I would say that's first, but we we always lead with example. We lead with what we've seen in the in the marketplace that provide great threat intelligence with our unit forty two, and evangelize that to to all of our customers from the threat intelligence perspective. Gotcha. So, you know, I one of the themes here is AI, and I think there there's definite pros with AI for, you know, clinical diagnosis and and, you know, culling all the data and providing good good insight. There's I think AI for any other kind of any industry, how it can alleviate the back office chores that dogs have to do that that is attributing to burnout and Mhmm. You you know, lack of retention. I think that's super positive. But on the on the flip side, AI is also, you know, gonna advance the security grads. So Mhmm. What are your thoughts on that? How scary is she how scary is she? Well, I think organizations that have a a solid, risk based model within their organizations that are looking at any project, whether it's AI or something that they're doing from a genomics perspective to really understand what their business model is and their workflows, where their data is flowing, and and protecting those those workloads, protecting that AI model. Because the second that an AI model is compromised, no one's gonna trust it. Right? And that same brand reputation is gonna come back to be a challenge if it's, god forbid, affects patient care or patient safety. Right? On the other side of AI, though, I think it's an opportunity for cybersecurity teams. My former teams will be much more efficient reducing, you know, some of the the mundane, repetitive tasks that they used to do. So really accelerating, I I think, from an automation perspective is where we see AI playing on the threat hunter side. So on the good guy side, you know, fighting back, it might be an opportunity for us to get one more step ahead or evening evening the score. But I will not underestimate, you know, if I'm a CSO of any health system out there, I am looking at AI as certainly an area that our organization needs to think about keenly before implementing. Right? Think about because the adversaries are we've they've already shown and they've already demonstrated that any new transformation, they're gonna look at that and they're gonna see is there an opportunity for me to affect that clinical workflow. Yeah. Troy, yeah. I mean, I was it was funny. I was having a conversation with a gentleman last night who has been in security a long, long time, and he's like, you know, it it was you know, security is now kind of the cool kid at the table because it's so valuable. And and I think being at this conference, when it comes to security, do you think that is the leading trend you're seeing at the conference? Or I know AI Yeah. I'm just seeing kind of what you're seeing. Yeah. Any anything you're seeing. AI AI definitely from a clinical perspective wants to be the talk of the show. Yeah. But the talk of the show is definitely cybersecurity. Right? There's no doubt about it. Week after week, I'm exposed to a different scenario or a different news headline of, you know, maybe a children's hospital or maybe a different type of organization that's significantly impacted. And there there's multiple organizations, but there's big headlines week after week within with regard to health care cybersecurity attacks. And, you know, I think the practitioners out there are trying to do a really good job. I think the thing that I'm really excited about is we're seeing great things from a policy perspective, some enhancements to connect to medical device security, and I think some genuine support for better funding for cybersecurity teams to fund their mission and to become one more step ahead. Yeah. I mean, I from what I've heard, you know, the the pool of money that, you know, hospitals have finite Yeah. Money and assets and they've gotta prioritize Yeah. You know, devices to deliver care. That's gonna probably prioritize a lot. But I'm assuming now from your position at Sanford on the provider side Yeah. That those budgets are are getting more and more attention because the the ramifications of get having a breach, if you don't spend the money to secure your networks and those endpoint devices. Yeah. Yeah. It's all integrated. Right? So if you're spinning up a new cardiology program, which could be really important to, you know, one of your outlying communities that doesn't have cardiology. Balancing the risk versus the patient benefit is something that certainly is on the table. Right? Certainly, there's a lot of benefit of having a new next generation cardiology program in an underserved community. Will that, you know, maybe introduce some risk to the organization? Maybe. But managed correctly, you know, I think it can be can be done well. Yeah. I meant to ask you because you come you know, Sanford is a huge health system serving a lot of rural, you know, health care. And Mhmm. I'm sure a lot of the the patient population had to drive, extend the dip you know, distances to get care. I mean, you're multistate system. I'm curious kinda your view on, you know, this, move to more and more, you know, care being delivered in the home and how security kind of is a necessity for that new care delivery model. Yeah. So I think that's some of the great things from a technology perspective is, we're seeing organizations, you mentioned Sanford, my old organization, really investing deeply into virtual care, you know, potentially hospital or care at home, all things that have happened through, you know, things like home care and those types of traditional offerings. Things five g. Right? That gets me so excited whether that's embedded into connected medical devices and potentially some some new op opportunities there. But then backup connectivity for some of these outlying clinics, huge differentiator. Wish it was a tool in my tool chest before. We think about how we position SASE and having resiliency there and better better connectivity, but then also, you know, remote radiologists. So remote radiologists can be anywhere. It's it's a differentiator when your organization has a toolset that they can use and have physicians, you know, for recruiting across any geography, right, virtual. Absolutely. And extending that expertise. Mhmm. Because we have a you know, the staffing shortages that that everyone's facing, we can, you know, give a doctor the others in order to extend their expertise to a more, you know, bigger geographic area, that that's a win for everybody and deliver expert care where it's needed to underserved communities, rural rural folks. So, Troy, we covered a lot, and I I really appreciate you taking time out to be with us today. I think security is is the is the thing to be talking about at this show given the news we've had recently. So thank you for sharing with us. Yeah. Thank you, Robin. Alright, Troy. And thank you for watching. This has been health care on air by Verizon live from Vibe in LA, California. Until next time, you can access all of our content on Google Podcasts, Spotify, Apple Podcasts. Until next time, take care.
About the author