The healthcare industry stands at the intersection of innovation and vulnerability, with cyber threats escalating in frequency and sophistication. Joel Burleson-Davis, SVP of Worldwide Engineering, Cyber at Imprivata, believes the way forward lies in transforming how healthcare organizations approach identity security and broader cybersecurity challenges. From embracing passwordless technology to preparing for nation-state threats targeting critical infrastructure, the stakes have never been higher.
The Passwordless Revolution in Healthcare
“Identity security challenges in healthcare will make way for a passwordless future,” said Burleson-Davis, emphasizing a shift driven by the sector’s unique pressures. Healthcare providers juggle large workforces, third-party contractors, and strict compliance regulations while maintaining quick, seamless access to patient data—making traditional password systems a liability.
A recent GAO report highlighted the Department of Health and Human Services’ struggles to mitigate cybersecurity risks, with identity security emerging as a critical pain point. Burleson-Davis predicts an industry-wide pivot toward passwordless authentication in the near future.
“Masking passwords from users significantly reduces cyber risks and improves clinical workflows today,” he said. “Getting rid of the password entirely only improves that benefit.” By adopting passwordless systems tailored to healthcare’s diverse workflows, organizations can enhance security, streamline operations, and ultimately improve patient care.
This transformation will not happen overnight. Moving from password-based access to fully passwordless workflows is a phased journey, but it’s one that Burleson-Davis sees gaining momentum across the healthcare industry.
The Rising Threat of Nation-State Attacks
Beyond healthcare, nation-state cyberattacks are emerging as the most significant threat to critical infrastructure, according to Burleson-Davis. Adversaries like Russia, China, and Iran increasingly target interconnected systems in sectors such as healthcare, energy, water, and telecommunications, exploiting vulnerabilities to inflict widespread disruption.
“The sophisticated network of malicious actors, officially and unofficially sponsored by adversarial nation-states, often conduct reconnaissance to identify vulnerabilities within critical systems,” he explained. These attacks can paralyze hospital operations, disrupt power grids, or destabilize communication networks, with devastating consequences.
Burleson-Davis warned that such attacks could escalate during geopolitical conflicts, potentially crippling essential services when they are needed most. “These vulnerabilities could be exploited to cause widespread chaos and harm at a critical time,” he said.
Cybersecurity Becomes a Non-Negotiable Imperative
Recent high-profile attacks on healthcare systems and other critical infrastructure underscore the urgency of addressing supply chain and third-party cybersecurity risks. In healthcare, these breaches have disrupted hospital operations, delayed treatments, and jeopardized patient safety—threatening not just data but lives.
“Although these attacks are aimed at systems and data, particularly critical systems and sensitive data, they are ultimately a threat to public health,” Burleson-Davis said. The ripple effects extend beyond the immediate impact, undermining public trust in healthcare institutions and other essential services.
The same risks apply to power grids, water systems, and communication networks, where attacks can cause economic damage, create safety hazards, and destabilize communities.
Collaboration and Resilience: The Way Forward
For Burleson-Davis, the solution lies in a balanced approach that combines robust cybersecurity measures with increased public awareness and cross-sector collaboration.
“The vulnerability of healthcare systems and critical infrastructure underscores the need for cooperation between government and private sectors to enhance resilience against these threats,” he said.
As industries face mounting pressure to fortify their defenses, the shift toward passwordless workflows and robust third-party protections represents more than a technological upgrade—it’s a critical step in safeguarding essential services and the lives they impact.
Burleson-Davis’s message is clear: the future of cybersecurity will demand innovation, vigilance, and collaboration. For healthcare and other mission-critical industries, the cost of inaction is too great to ignore.