Unique Security Challenges of Floating Healthcare Facilities
Mike Taylor oversees IT operations for the USNS Mercy and USNS Comfort, two hospital ships that function as fully operational medical facilities capable of deploying within five days of activation. These vessels present distinctive security challenges that combine healthcare IT requirements with maritime operational technology concerns. The ships regularly host foreign nationals—both as patients receiving care and as visitors on tours—creating exposure to potential insider threats and physical security risks like unauthorized USB device insertion. Taylor emphasizes that disruptions to IT systems carry life-or-death consequences, as compromised systems in surgical suites or modified patient records could directly impact patient safety. Beyond healthcare, the ships' navigation systems, engineering controls, and bridge operations all depend on secure digital infrastructure.
Zero Trust Implementation and Operational Technology Protection
The hospital ships are aggressively implementing zero trust architecture during the current fiscal year, with Varonis playing a significant role in the data security component. Taylor identifies operational technology threats—including SCADA devices, industrial controls, and medical modalities—as the biggest risk on the horizon. The ships have historically practiced comply-to-connect principles, but the zero trust initiative aims to create granular, tightly controlled environments that prevent insider threats and malicious device proliferation. Taylor notes that once deployed, the ships operate with only the security measures they've implemented beforehand, making thorough preparation essential. The teams have documented multiple instances where Varonis helped identify anomalous behavior and improperly placed files in email attachments or shared drives, enabling proactive threat mitigation.
