Healthcare security is broken because its systems can’t talk to each other

In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a complex task. Kracke shares how interoperability, collaboration, and strategic investment can strengthen resilience across the healthcare security landscape.

When you look at the modern healthcare ecosystem with hospitals, clinics, telehealth, medical devices, and cloud partners, what is the biggest barrier to achieving cohesive security visibility across them all?

The primary barrier to unified security visibility is ecosystem fragmentation. Healthcare organizations routinely integrate legacy, on-premises systems with modern cloud-native applications and a growing array of connected medical devices, and client or clinical applications. This fragmentation is further exacerbated by:

• Variances in industry standards, including differing file formats, communication protocols, and data exchange mechanisms (e.g., HL7, FHIR, DICOM) which may complicate interoperability and make it difficult to aggregate and correlate security events across platforms.
• Heterogeneous network connectivity: Disparate connectivity models, ranging from secure internal networks to third-party telehealth connections, can create blind spots and inconsistent visibility.
• Software development lifecycle (SDLC) complexities: Multiple development teams, vendors, and release cycles hinder the standardization of security controls, monitoring, and incident response processes.

These technical and procedural variances collectively impede the creation of a centralized, actionable security view, increasing the risk of undetected threats and compliance gaps.

Achieving cohesive security visibility in healthcare ecosystem requires organizations to address deep-rooted fragmentation, standardize data and process integration, and adapt to persistent budget and talent constraints. By strategically prioritizing interoperability, embedding security into the SDLC, optimizing resources, and investing in talent, organizations can build a resilient security visibility framework, one capable of protecting patient data and supporting clinical excellence.

Security tools in healthcare often come from dozens of vendors. How can organizations balance the need for interoperability without creating vendor lock-in or integration fatigue?

Healthcare security teams often juggle tools from numerous vendors, making it crucial to strike a balance between deploying point solutions and adopting integrated platforms. Relying on too many disparate tools can lead to integration and support fatigue, increased complexity, and the risk of alert overload, all factors that may strain staff capacity, contribute to burnout, or attrition.

On the other hand, consolidating security controls within integrated solutions can streamline management, enhance interoperability, increase visibility response time, and reduce operational burden. However, organizations must be cautious to avoid vendor lock-in, which can limit flexibility and hinder the adoption of best-of-breed capabilities as needs evolve. The choice between point solutions and integrated platforms directly impacts budget allocation, resource requirements, and the long-term agility of security operations.

To maintain effectiveness, healthcare organizations should continually evaluate their security toolset for relevance, integration potential, and overall value to the security program. Prioritizing solutions that support open standards, and seamless integration helps minimize context switching and alert fatigue, while ensuring that the security team remains engaged and productive.

Ultimately, the decision to balance specialized point solutions with broader integrated platforms must be guided by strategic priorities, resource capacity, and the need to support both operational efficiency and clinical excellence. Thoughtful tool selection and ongoing assessment are essential for building a resilient, sustainable security posture in healthcare environment.

With so many healthcare applications moving to the cloud, how do you design an ecosystem that bridges on-premises legacy systems with modern cloud-native security tools?

As healthcare organizations increasingly migrate applications to the cloud, designing an ecosystem that bridges legacy on-premises systems with modern cloud-native security tools is essential. The right approach depends on each organization’s cloud strategy, whether transitioning fully to the cloud or maintaining a hybrid environment, and whether they operate in single or multi-cloud architectures.

A critical consideration is the interoperability of security tools across both cloud and on-premises environments. Healthcare organizations must assess if their security solutions need to span multiple cloud providers, support on-premises systems, or both, and determine how long on-premises support will be necessary as applications gradually shift to the cloud.

Cloud providers are increasingly acquiring and integrating advanced security technologies, offering unified solutions that reduce the need for multiple monitoring platforms. This consolidation not only lessens alert fatigue but also enhances real-time visibility to security threats, an important advantage for healthcare, where timely detection is vital for protecting patient data and ensuring clinical continuity.

Ultimately, there is no universal solution. Healthcare organizations must develop and communicate a comprehensive plan for cloud adoption, application deployment, and data storage. Strategic planning and ongoing evaluation are crucial to supporting both operational efficiency and the protection of sensitive health information.

How can healthcare organizations reconcile the tension between security and clinical usability, especially when lives depend on system uptime?

In healthcare, the tension between security and clinical usability (or anything healthcare related) is especially critical, as system uptime can directly impact member/patient outcomes. To address this challenge, security leadership mindset must shift from a default stance of “no” to a more collaborative “yes and” approach, recognizing that mitigating security risk should not come at the expense of business or member risk.

Security teams should view themselves as business enablers, working proactively to find secure solutions that support organizational goals. Instead of blocking initiatives for the sake of security, leaders must develop creative new strategies that both protect sensitive information and facilitate successful business outcomes. This can occur when security teams have a seat at the table early-on in the operational conversation.

This cultural transformation requires time, ongoing practice, and strong leadership. Team members may progress at different rates, but it is the responsibility of leaders to guide and unify the organization toward the shared goal: enabling the business safely and securely, while minimizing the tension between protection and productivity. This also may be an opportunity to engage with a change management coach to bring about a more successful outcome.

What lessons can healthcare security teams borrow from public health, such as information sharing or community defense, when thinking about ecosystem resilience?

Healthcare organizations face a unique but universal challenge: threat actors are constantly targeting their sensitive data. This shared risk underscores the importance of coming together as a community to strengthen collective defenses. By recognizing that attackers do not discriminate, organizations can better appreciate the value of collaboration in building a resilient security ecosystem.

Information sharing is a critical component of this collaborative approach. When organizations openly exchange threat intelligence, vulnerabilities, and best practices, they empower each other to respond more quickly and effectively to emerging threats. Groups such as HS-ISAC and FBI InfraGard offer trusted environments for this information exchange, helping to bridge gaps across the industry and enhance the security posture.

Beyond information sharing, healthcare security teams can adopt additional strategies from public health, such as establishing community defense mechanisms. This could include joint incident response exercises, coordinated vulnerability management, and the development of shared security standards. Regular cross-industry drills and communication channels can further improve readiness and reaction times during cyber incidents.

Ultimately, building a more resilient and effective security ecosystem requires both cultural and operational shifts. Organizations must foster trust, prioritize transparency, and make security a shared responsibility across all teams. By working together and learning from public health models, healthcare organizations can better defend against threats and support safer, more reliable care delivery.