Archives     Advertise     Editorial Calendar     Subscribe     Contact Us    

Fighting the Good Fight

Dan Dodson

Fortified Health Security Arming Healthcare Systems in the Cybersecurity War

If the thought of a cybersecurity breach to your bank is terrifying, imagine the fallout for a healthcare organization tasked with protecting the financial, personal and medical information of millions of patients.

Cyber attacks can make or break a health system, shaking the confidence of patients and providers. That's where Fortified Health Security comes in. Founded in 2009, the Franklin-based company is quickly becoming an industry leader, partnering with more than 100 health systems and hundreds of hospitals in 35 states.

The New War in Healthcare

"Cybersecurity is a battle, and it's one that requires continuous engagement," said Dan Dodson, president of Fortified Health Security. "Our healthcare clients need a partner that understands healthcare and cybersecurity, because there's a uniqueness in healthcare that other industries don't face."

Dodson said a common misconception among healthcare executives is the perceived and actual value of their security program. Every day, a healthcare system gets hacked. Once detected, administrators typically drop big money on exceptionally pricey technology aimed at preventing future attacks. Problem is, it's rarely used to its full potential.

"Oftentimes, the technology is so advanced that no one really knows how to run it," Dodson explained. "The perceived value of that investment and actual value is astronomically different, and that's a gap we have to bridge."

He encourages executives to stop thinking about the next shiny box and instead make sure their investment in security technology is being maximized. Fortified staff members work with an organization's existing technology to maximize results and walk alongside IT staff to provide training and ongoing support. "We're an extension of the security team, as our role is to make sure people are leveraging expertise and best practices, and making sure the person on the ground is informed and making the best decisions for the healthcare organization," he said.

Industry Challenges

When it comes to securing healthcare systems, complications can arise from a number of natural restraints. In any other industry, systems might be shut down briefly for updates. In a 24/7 hospital, temporary shutdowns can impact patient care and disrupt operations. Dodson said that not understanding how to manage temporary halts to clinical workflow creates a serious challenge for many big box security companies.

Staffing poses an additional challenge, as healthcare companies compete to attract, train and retain IT talent. Dodson estimated 20 to 50 percent of a hospital's IT staff are using the position as a career stepping stone, while the rest are in it for the long haul. Fortified works with IT leaders to train and increase retention rates among IT personnel.

Another obstacle is the evolving dynamic among the physician, healthcare organization and patient. That's because today's patient-as-a-consumer model demands complete access to online health information. Likewise, physicians now access patient data on all their own devices - a tremendous cybersecurity concern that Fortified has worked to successfully tackle. The company recently won awards for addressing the unique technical challenges associated with securing medical devices, which requires technology, people and processes unique to healthcare. Outsourced billing - not often found under the same security umbrella - creates yet another threat.

"As an administrator, you don't want to restrict your physicians and mess with their workflow because they can go somewhere else, as can your fee-for-service patients," said Dodson. "You have to understand how to make changes technically but also transform the organization's culture through new processes."

Cause & Effect

For many companies, that lesson is learned too late. Data shows hospitals that go public after compromising patient information in a data breach can lose up to 40 percent of their patients - a trickle-down effect impacting physicians, as well. That's because today's patient has a choice in where he or she receives surgery, radiology and imaging services - the moneymakers for most health systems.

"Executives have to ask, can I afford a 40 percent drop in patient choice for high revenue and profitability areas?" Dodson asked. "Most can't even afford a three percent drop."

Mid-Year Horizon Report

For hospitals, it's not about if a breach will occur, but when. Fortified Health Security recently released their Mid-Year Horizon Report, which examines the state of cybersecurity in healthcare. According to their findings, "2018 has seen attack momentum increase and new hacking groups formalize with greater sophistication and focus than ever before."

A key finding was that provider organizations have been compromised more in 2018 than health plans. It also found that most healthcare organizations aren't allocating enough capital to keep up with the attackers, given tight budgets, competing internal priorities and overall financial pressures. The report states that, "According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), this has been the case since 2009.

The OCR Wall of Shame highlighted that in the first week of 2018, there were four major breaches containing more than 500 patient records. This is the same number of breaches reported in the first week of 2017, but the momentum has increased from there. Through the first five months of 2018, there have been 149 breaches reported with over 2.8 million patients impacted, as compared to 134 breaches impacting 2.0 million patients during the same period in 2017. This represents an 11 percent increase in the number of entities impacted by a breach and a 35 percent increase in the number of individuals affected.

While provider organizations appear to have been more heavily targeted so far in 2018, that doesn't' mean health plans have been left alone. Through May of 2018, health plans reported 24 breaches versus 15 in the same time period last year. Similarly, business associates reported 12 breaches in the first five months compared to seven breaches during the same time period in 2017.

The report also addresses benefits and critiques of the FDA's Medical Device Safety Plan, as well as the National Institute of Standards and Technology's Version 1.1 of its Cybersecurity Framework. Both plans were released in April. (A link to the downloadable Fortified Health Security mid-yeaer report is available online at

Dodson co-authored the mid-year report and noted email continues to be a key launching point for attacks. "The sophistication of attackers is unbelievable, because they can outsmart technology and rules to make themselves look like the organization," he said. "For health systems, it's a difficult challenge to keep up with it all, as you're always working to educate employees as well as patients."

A New Way of Thinking

Dodson regularly hears from frustrated chief information officers that administrators simply don't understand cybersecurity risks ... or why throwing high-dollar technology at the problem won't solve it. He challenges administrators to consider how management of cybersecurity risks is interwoven into every hospital initiative. "They need to start managing cybersecurity risks no different than they would clinical risks," he said. "It takes proactive measures, and administrators need to look at the issue holistically."


Fortified Health Security

Healthcare Cybersecurity Mid-Year Horizon Report


Related Articles:

Recent Articles

National Coalition Awarded Over $30 Million to Tackle Opioid Epidemic

Opioid Response Network surpasses 3 Million people impacted through free education and training

Read More

Belmont University Welcomes HCA Healthcare as Health Advisor for Oct. 22 Presidential Debate

Read More

American College of Surgeons panels warn vaping and marijuana use before an operation can be harmful

Read More

Competition Declined in Majority of Health Insurance Markets Where it was Most Scarce

AMA study finds increasingly limited health insurance options for patients in highly concentrated markets

Read More


Read More

AMA Supports Congress Providing Much-Needed Relief to Physicians Working Through the Pandemic

Read More

State's First Female Heart Transplant Recipient Celebrates 35 Years On Borrowed Heart

Records suggest that Jan Vaughn, long-time TN resident and MTSU graduate, may be the nation's longest-surviving single heart transplant recipient.

Read More

AMA Releases 2021 CPT Code Set

New updates to medicine's common language reflect burden relief, COVID-19 testing and tech-enabled medical services

Read More

Council on Aging Offers Helpline, Resources for Healthcare Providers

COA offers a helpline and lifeline to providers, older adults, caregivers and family members trying to navigate services.

Read More

Tennesseans Join Hundreds of Cancer Patients, Survivors Nationwide to Call on Congress: Make Cancer a National Priority

Amid Pandemic Advocates Hold Virtual Meetings with Members About Increased Cancer Research Funding and Equitable Access to Clinical Trials

Read More

Email Print



Cybersecurity, Dan Dodson, Fortified Health Security, Health Information Security, Healthcare Breach, Healthcare Hack, OCR Wall of Shame
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: