Protecting Patient Data and Reducing Cyber Risk Throughout the Healthcare Ecosystem: Fortified Health Security
“When it comes to cyberattacks affecting patient care, the question is no longer a matter of if or when, but how often and how catastrophic the consequences,” wrote Senator Mark R. Warner in a November 2022 policy paper. We’ve had the privilege of partnering with numerous companies in the healthcare IT & services space over the years, so we’re well-aware of how cyber threats in healthcare can mirror trends in other industries. But the effects of successful cyberattacks dwarf those felt by other sectors. With human lives at stake, the ramifications can be truly devastating when a cyberattack impedes a healthcare provider’s ability to care for patients.
A recent JAMA report found that the annual number of ransomware attacks on U.S. healthcare organizations more than doubled from 2016 to 2021, and nearly half (44.4%) of those attacks disrupted the delivery of healthcare. The most common disruptions were electronic system downtime (41.7%), cancellations of scheduled care (10.2%) and ambulance diversion (4.3%), with hospitals most likely to experience care disruptions during a ransomware attack.
More broadly, healthcare providers still represent the majority of breach targets, accounting for 70% of all incidents last year. Also concerning for the industry, the number of breached healthcare records increased to 51.4 million last year (compared to 49.4 million in 2021) and more than 78% of all healthcare-related breaches were attributed to hacking and IT incidents in 2022 – an increase from only 45% just five years ago.
With the frequency and severity of cyberattacks increasing, staffing-related challenges persisting and profitability pressure compounding, healthcare executives are prioritizing their cybersecurity investments and outsourcing initiatives more than ever before. This is why we were so excited to partner with the team at Fortified Health Security this past December in a majority investment which included former Silversmith portfolio company and Fortified Health Security channel partner Nordic Consulting.
Fortified Health Security is a managed security services provider (MSSP) that helps hospitals and health systems evaluate their cyber risk appetite and exposure, strengthen their cybersecurity posture and improve their security operations. The company serves healthcare providers of all sizes that struggle to staff their IT and cyber departments and keep up with cyber vendor fragmentation, yet are just as vulnerable to crippling attacks as organizations outside of healthcare.
To protect healthcare organizations from pervasive cybersecurity threats, the company provides a full suite of tech-enabled managed services, in addition to a comprehensive view of a healthcare organization’s entire cybersecurity program via its proprietary software platform, Fortified Central Command. By allowing healthcare executives to proactively identify and track risks, actively monitor threats, and respond quickly and effectively to incidents, Fortified Health Security is doing the crucial work of ensuring the delivery of healthcare isn’t impeded in the event of a cyberattack. With roughly 4,000 hospitals in Fortified’s target market, we believe there is a meaningful growth opportunity for the company over the years ahead.
As the Best in KLAS for Security and Private Managed Services in healthcare two years in row, we believe Fortified Health Security is well positioned to continue its rapid growth strategy, and provide much-needed support to even more healthcare organizations. The company is already serving more than 140 customers – ranging from small, regional hospitals to larger health systems – and is led by a management team with deep domain expertise including CEO, Dan Dodson, a recognized leader in healthcare cybersecurity.
Over the years we’ve had the opportunity to partner with several companies selling to the hospital and health system end-market – including Nordic Consulting, Iodine Software and MediQuant. We believe these companies all serve a mission critical use case and produce a hard ROI through driving efficiencies within their customer base. In our market research, cybersecurity is consistently among the most mission critical pain points for health system executives, but Fortified’s target customers often do not have the internal resources to adequately address this need. As Fortified continues to grow, we are excited at the prospect of building a more secure healthcare ecosystem, so healthcare providers can protect their data, remain compliant and ultimately provide the best possible patient care.