By Troy Ament, field CISO for healthcare, Fortinet
“High-Speed Internet for All” is a new initiative from the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), with the goal of bringing fast internet connectivity to everyone in America. Over $40 billion in funding for NTIA initiatives is coming via the Bipartisan Infrastructure Law passed in 2021.
NTIA states that it, “administers grant programs that further the deployment and use of broadband and other technologies in America, laying the groundwork for sustainable economic growth; improved education, public safety and health care; and the advancement of other national priorities.” Having high-speed internet access opens up new personal and business opportunities, including access to telehealth.
Successful Telehealthcare Needs Security
While not necessarily tied to healthcare, the “High-Speed Internet for All” initiative can be seen as an enabler for the expansion of remote healthcare, remote diagnostics and other telemedicine activities that would benefit from either new or faster connectivity in areas that are unserved and underserved.
One of the biggest challenges and areas of need for telehealth is rural America, where significant issues with connectivity inhibit successful telehealth efforts. Improved connectivity means more enhanced telehealth services.
However, for successful expansion of high-speed internet connectivity across the country, the stakeholders need to be certain that cybersecurity is considered from the start—from an infrastructure buildout perspective. They should also be mindful of the secure connectivity benefits to patients, clinicians and many others, especially those in rural areas, from a healthcare perspective. The outcome of securing internet connections will greatly assist in the expansion of tele-healthcare market opportunities.
Looking Back at Previous Healthcare Initiatives
As state and local governments, the healthcare industry and other stakeholders prepare to use this once-in-a-generation funding opportunity, it is helpful to look back at previous healthcare initiatives and learn from their mistakes. For example, with the launch of electronic healthcare records (EHRs), cybersecurity was almost an afterthought and not funded appropriately.
If more emphasis on the need to fund security for EHR initiatives occurred back then, we wouldn’t see so many unfortunate issues now with things like ransomware, lost PHI (personal health information) and compromised records.
Ransomware captures data and encrypts it so it can’t be read until a ransom is paid. With the emergence of IoT (Internet of Things) devices, a new strain of ransomware has emerged. It doesn’t go after an organization’s data but instead targets control systems and shuts them down until a ransom is paid. In the healthcare industry, Internet of Medical Things (IoMTs) are being attacked in the same way.
Healthcare organizations are using thousands of operational technologies and IoMT devices—everything from patient monitors to imaging devices to infusion pumps to even HVAC systems. Any of these connected devices can be hacked to gain access to a healthcare organization’s critical information systems. If appropriate attention is given to the security component of this upcoming high-speed internet expansion, it will help protect the telehealth infrastructure, IoMTs and EHR data well into the future.
Advanced Telehealth Capabilities
With the “High-Speed Internet for All” initiative, there is a lot of excitement about rolling out advanced telehealth capabilities to all locations. Many healthcare organizations are leveraging telehealth via voice or video calls, depending on connectivity limitations. But now, with the prospect of high-speed, broadband internet access everywhere, there are a number of advanced organizations adding enhanced telehealth capabilities—such as exam cameras, thermometers, otoscopes and stethoscopes. Remote telemetry for those aspects will push well beyond the previous limitations of a standard telehealth phone or video call.
Again, as all these new possibilities are considered with a “bigger pipe” to carry information everywhere in the country, it will not be as successful as it could be if cybersecurity is not a top consideration when this connectivity and these use cases are rolled out.
The Business of Telehealth
The pandemic forced many healthcare organizations to employ telemedicine visits with patients like never before. Consequently, this became a revenue stream for these organizations and altered the way they did business. They must protect their tele-healthcare business model, as the adversaries will be sure to look for opportunities to disrupt patient care, impact revenue and derail innovation.
Clearly, most healthcare organizations cannot afford for their telehealth services to go down for a month or two because of a security breach. Not only will this affect their bottom line, but a negative cybersecurity incident will also impact their brand and industry reputation, as well as losing contact with their patients and undermining their confidence in the organization.
Executives at healthcare organizations must understand that the benefits from better internet connectivity can only be realized completely when the appropriate security is in place to protect patients, patient data, physicians, nurses and other stakeholders.
About the author
Troy Ament is Fortinet’s field CISO for healthcare. He brings more than 20 years of experience to Fortinet, transforming information technology and security programs, with 14 years in the healthcare sector as an executive overseeing clinical technology implementations, and serving as the chief information security officer (CISO) at two of the largest integrated health delivery systems in the U.S. Before joining Fortinet, Troy held the positions of CISO and Director, CISO chief at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance (GRC) Teams.