Few others have had a better view into healthcare’s sweeping transformation over the last decade than Martin Littmann. He’s chief technology officer and chief information security officer at Kelsey-Seybold Clinic, where he oversees an IT network that spans 20 sites across greater Houston, Texas.
The role has given him a front-row seat to an ongoing reinvention that has touched everything from medical research to healthcare delivery. But amid this wave of innovation, Littmann points to an even more notable shift: people. Everything about them is changing—how they shop and pay for healthcare, the way they collaborate with doctors, and ultimately, their role in cybersecurity.
To underscore the point, he pulls back his sleeve to reveal an Apple Watch. It’s just one of many devices Kelsey-Seybold patients use to record and share their vital signs.
“Consumerism has been a real game-changer,” Littmann says. “Consumers are much more engaged these days in their health. And they expect a lot more from healthcare.”
Martin Littmann, chief technology officer and chief information security officer at Kelsey-Seybold Clinic in Houston, Texas.
Healthcare Security Challenges
Stop spam and malicious threats from reaching users’ mailboxes
Streamline incident response
Protect health and patient data
Ensure that all email sent under the clinic’s name is authorized
and “right-now” expectations
Meeting those growing demands is Kelsey-Seybold’s central aim. With more than 160 doctors in 50 specialties, the clinic serves more than 500,000 patients.
It offers some of the area’s most advanced medical technologies and services. That includes 3-D mammography, magnetic resonance imaging (MRI), genetic testing for cancer, precision radiation therapy, and radiosurgery, among other leading-edge tools.
And facing patients’ ever-rising bar of expectations, Kelsey-Seybold is also innovating in customer service.
Patients can call anytime to make an appointment, usually within a day or so, and talk to a nurse 24 hours a day. Its telemedicine program lets customers make an appointment with a doctor over the internet or video, usually within an hour. And its web portal, MyKelseyOnline, lets patients see test results, refill prescriptions, message their doctor, make appointments, and more.
And all of it is powered by Kelsey-Seybold’s 140-person IT team. The group is responsible for keeping doctors working, patients connected, and critical systems running—reliably and securely. That’s why cybersecurity is core to everything the clinic does.
“When we make a business decision, security is something we bake into the initiative,” Littmann says. “Not something we figure out after the fact.”
The Usual Suspects: Healthcare’s Biggest Malware Threats
Locky is a highly advanced form of ransomware adept at disguising itself. Locky uses social engineering to trick users into downloading the ransomware, which locks and encrypts a large number of systems and file types.
Hancitor (also known as Chanitor or Tordal) is a malware downloader that spreads through malicious Microsoft Word macros sent in spam campaigns. Though fully patched systems should be immune, attackers use social engineering to trick people into enabling macros on their system and running malicious code.
Global Impostor, also known as Fake Globe, mimics and is named after an earlier ransomware strain called Globe. Initially used in small regional companies, Global Impostor became a global threat when a prolific attacker known as TA505 began using it in larger campaigns.
The Trick is a clever banking trojan that “tricks” payment systems into redirecting to a counterfeit site with a correct URL and a seemingly genuine digital certificate.
Pony is a Trojan that usually spreads through spam campaigns. It hides in PDF or Microsoft Office documents. The spam messages typically mention a money transfer or overdue invoice notice to prod recipients to act right away. Pony disguises its code to stay hidden from many security tools.
shift their focus to people
Healthcare providers face many of the same cyber threats as other large businesses. But they are an especially lucrative target for identity thieves and ransomware.
Cyber criminals know that hospitals have a trove of personally identifiable information—names, addresses, credit card numbers, Social Security numbers, and more.
And because of the life-and-death nature of their work, attackers also know that medical providers need uninterrupted access to their systems and data. That reality may make hospitals feel more pressured to give in to attackers’ demands.
At the same time, the nature of these attacks is changing. Joe Horvath, who manages Kelsey-Seybold’s information security team, says trying to defend the network perimeter is no longer enough.
“Traditionally, our security focus has been very much edge-driven, keeping bad actors out,” Horvath said. “But the bad actors have evolved their methods.”
As the healthcare industry gets better at securing its infrastructure—or moves to the cloud—attackers are using humans as the point of entry.
They trick people into opening malware or clicking an unsafe URL. They get account credentials and sensitive data by impersonating someone in authority. Or they get access to their accounts through phishing, a seemingly helpful cloud app add-on, or by just figuring out their password.
Littmann sees the effects of this change every day.
“The weakest link in the chain always tends to be the human,” he said. “Look at what phishing does—it plays on people's sensibilities. It lures them in with instant gratification or urgency. I think the threat actors will continue to play up on people.”
That’s why Kelsey-Seybold takes a people-centric approach to security. The clinic is working to make its workforce more resilient, stop the attacks that target them, and secure the data they have access to.
Proofpoint has been part of Kelsey-Seybold’s security arsenal since 2007, not long after Littmann joined the clinic.
He knew people were the key to keeping the clinic secure—and he recognized email as the No. 1 way threats target them. In his tests, Proofpoint caught more spam and malware than other tools.
As threats changed and the clinic’s needs evolved over time, Proofpoint has evolved with them.
One example is Proofpoint URL Defense, which analyzes and rewrites outgoing links in email to stop people from clicking through to unsafe URLs. The feature keeps healthcare workers safe, no matter where they check email or what device they use.
Littmann was also an early adopter of Proofpoint Threat Response, which helps security teams more quickly contain and resolve threats. The solution automates many aspects of incident response. It can even pull unsafe email from users’ inboxes after it’s already been delivered or forwarded.
Proofpoint Email Fraud Defense has also been a boon for Littmann’s team. The solution stops attacks such as business email compromise (BEC). These attacks use impersonation and social engineering to trick people into sending money and sensitive information.
No cyber defense can block every threat. To help its workforce grow more resilient to attacks that get through, the clinic is also looking to phishing simulations and security awareness training.
“I think the products have evolved,” Littmann said. “And we have evolved to provide some of the most top-notch email protection available almost anywhere.”
As healthcare continues to change, so will consumer demands, cyber threats, and compliance risks. But through it all, people will always need to be at the center of any cyber defense, Littmann says.
“You can make massive investments in technology and have the best network tools and the best email tools and the best any kind of tool,” he said. “But if a person compromises those tools or compromises their behavior, that's where your risk exists.”
Email Fraud Subject Lines
Email imposters try to convey a greater sense of urgency with subject lines