Breaking Out of the Safety Mosh Pit
When Jason Elrod, CISO of MultiCare Well being System, describes legacy healthcare IT environments, he would not mince phrases: “Healthcare likes to stroll backwards into the longer term. And that is how we obtained right here, as a result of there are loads of issues that we may have ready for that we did not, as a result of we have been so targeting the place we have been.”
This chaotic strategy has characterised healthcare IT for many years. In a sector the place lives rely on expertise working flawlessly 24/7/365, safety groups have historically functioned as gatekeepers—the “Division of No”—centered on safety on the expense of innovation and care supply.
However as healthcare continues its digital transformation journey, this strategy is now not sustainable. With 14 hospitals, lots of of pressing care clinics, and almost 30,000 staff serving tens of millions of sufferers, MultiCare wanted a distinct path ahead – one that did not sacrifice innovation for security. That shift started with a mindset change on the prime that was pushed by years of expertise navigating these precise tensions.
Jason Elrod’s View: The Healthcare Safety Conundrum
After 15+ years as a healthcare CISO, Elrod has a novel perspective on the safety challenges going through healthcare organizations. In response to him, healthcare’s particular operational realities create safety dilemmas in contrast to every other business:
At all times-on operations: “When can you’re taking it down? When are you able to cease every little thing and improve it?” asks Elrod. In contrast to different industries, healthcare operates 24/7/365 with little room for downtime.
Life-or-death entry necessities: “We have now to verify all the data they want is on the market once they want it, with the minimal quantity of friction attainable. As a result of it is me, it is you, it is our communities, it is our family members, it is life or demise.”
Increasing assault floor: With the shift to telemedicine, distant work, and related medical units, the risk panorama has expanded dramatically. “It is like a bowl of spaghetti the place every strand wants to have the ability to discuss to at least one finish or the opposite, however simply to the strands it must.”
Misaligned incentives: “IT traditionally has been targeting availability and velocity and entry, ubiquitous entry… And safety says, ‘That is a improbable Lego automobile you constructed. Earlier than you’ll be able to go outdoors and play with it, I will stick a bunch extra Legos on prime of it known as safety, privateness, and compliance.'”
It is a recipe for burnout, blame, and breakdowns. However what if safety may allow care as an alternative of obstructing it?
Watch how MultiCare turned that chance into observe within the Elisity Microsegmentation Platform case examine with Jason Elrod, CISO, MultiCare Well being System.
Identification: The Key to Trendy Healthcare Safety
The breakthrough for MultiCare got here with the implementation of identity-based microsegmentation by means of Elisity.
“The largest assault floor is the identification of each particular person,” notes Elrod. “Why are the assaults all the time on identification? As a result of in healthcare, we should make sure that all the data is on the market once they want it, with the minimal quantity of friction attainable.”
Conventional community segmentation approaches relied on advanced VLANs, firewalls, and endpoint brokers. The consequence? “A Byzantine spaghetti mess” that grew to become more and more tough to handle and replace.
Elisity’s strategy modified this paradigm by specializing in identification moderately than community location:
Dynamic safety insurance policies that comply with customers, workloads, and units wherever they seem on the community
Granular entry controls that create safety perimeters round particular person property
Coverage enforcement factors that leverage present infrastructure to implement microsegmentation with out requiring new {hardware}, brokers, or advanced community reconfigurations
From Skepticism to Transformation
When Elrod first launched Elisity to his group, they responded with wholesome skepticism. “They’re like, ‘Did you hit your head? Are you certain you learn what you have been saying? I assumed you stopped consuming,'” Elrod recollects.
The technical groups have been uncertain that such a microsegmentation resolution may work with their present infrastructure. “They stated, ‘That does not sound like one thing that may be carried out,'” shares Elrod.
However seeing was believing. “Whenever you see people who find themselves deeply technical, individuals who simply know their craft rather well, and so they see one thing and go ‘Wow’… it shakes the pillars of their opinions about what could be carried out,” explains Elrod.
The Elisity resolution delivered on its guarantees:
Fast implementation with out disruptive community modifications
Actual-time automated or handbook coverage changes that beforehand took weeks to implement
Complete visibility throughout beforehand siloed environments
Enhanced safety posture with out compromising availability
…all with out forcing a tradeoff between safety and efficiency.
However what shocked Elrod most wasn’t simply what the expertise did, however the way it modified the individuals utilizing it.[JE2]
Breaking Down Partitions Between Groups
Maybe probably the most sudden profit was how the answer remodeled relationships between groups.
“There’s been a friction level. Put this management and constraint across the community. Who’s the primary particular person to name? They are going to name IT. ‘I can not do that factor.’ And I am saying, ‘Properly, you’ll be able to’t open every little thing, as a result of everyone cannot have every little thing. As a result of the unhealthy guys can have every little thing then,'” Elrod explains.
Identification-based microsegmentation modified this dynamic:
“It modified from ‘How do I get round you?’ and ‘How do you get round me?’ to cooperation. As a result of now it is like, ‘Oh, nicely, let’s make that change collectively.’ It shifted culturally, and this was not one thing I anticipated… We actually are on the identical group. This can be a resolution that works for all of us, makes all of our jobs higher, Safety and IT. It’s a power multiplier throughout the group,” says Elrod.
With Elisity, safety and IT groups now share incentives moderately than competing priorities. “The identical factor that enables me to make connectivity work between this space and right here in a frictionless trend can also be the identical precise factor that gives the rationalized safety round it. Identical instrument, identical dashboard, identical group,” Elrod notes.
Enabling a Tradition of Sure
For healthcare suppliers, the impression is profound. “If they do not have to fret about entry, haven’t got to fret concerning the controls, they will take the cognitive load of pondering and worrying concerning the compliance elements of it, the safety, the privateness, the expertise underlying the desk that they are engaged on,” says Elrod.
This shift allows a basic change in how safety interacts with medical workers:
Velocity of supply: “We will try this on the velocity of want versus the velocity of paperwork, the velocity of expertise, the velocity of legacy,” explains Elrod.
Granular management: “How would you want your personal phase on the community, wherever you could roam? I can base it in your identification, wherever you are at,” Elrod shares.
Enhanced belief: “Having the ability to instill that confidence that, ‘Hey, it is safe, it is secure, it is scalable, it is practical, we are able to help it. And we are able to transfer on the tempo that you just need to transfer at.'”
Breaking Down Silos: The Enterprise Crucial of Safety-IT Integration
The normal separation between safety and IT operations groups is quickly changing into out of date as organizations acknowledge the strategic benefits of integration. Current analysis demonstrates compelling enterprise advantages for enterprises that efficiently bridge this divide, notably for these in manufacturing, industrial, and healthcare sectors.
In response to Skybox Safety (2025), 76% of organizations consider miscommunication between community and safety groups has negatively impacted their safety posture. This disconnect creates tangible safety dangers and operational inefficiencies. Conversely, organizations with unified safety and IT operations reported 30% fewer important safety incidents in comparison with these with siloed groups.
For healthcare organizations, the stakes are even larger. Amongst healthcare establishments that skilled ransomware assaults, these with siloed safety and IT operations reported a 28% improve in affected person mortality charges in 2024, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This stark actuality underscores that cybersecurity integration is not simply an operational consideration—it is a affected person security crucial.
The monetary case for integration is equally compelling. A Forrester Complete Financial Affect examine on ServiceNow Safety Operations options demonstrated a 238% ROI and $6.2 million in current worth advantages, with a 6-month payback interval when integrating safety and IT operations (Forrester/ServiceNow, 2024).
Ahead-thinking organizations are adopting refined integration fashions like Cyber Fusion Facilities. Gartner analysis confirms these characterize a big development over conventional safety operations, predicting that by 2028, 20% of huge enterprises will shift to cyber-fraud fusion groups to fight inner and exterior adversaries, up from lower than 5% in 2023.
For enterprise leaders, the message is evident: breaking down operational silos between safety and IT groups is not simply good observe—it is important for complete safety, operational effectivity, and aggressive benefit in right now’s risk panorama. Few perceive that higher than Elrod, who’s spent a long time attempting to bridge this hole each technologically and culturally.
The Bridge to Trendy Healthcare
For Elrod, identity-based microsegmentation represents greater than only a expertise resolution—it is a bridge between the place healthcare has been and the place it must go.
“Expertise prior to now wasn’t purchased as a result of it was crappy… They have been nice. Good intention. They did what they wanted to do on the time. However there’s loads of temporal distance between now and when that made sense,” he explains.
Elisity helps MultiCare “construct that bridge from the place we’ve been to the place we have to go… It is a ladder out of the pit. That is nice. Let’s cease throwing issues in there. Let’s truly do issues in a rational trend,” says Elrod.
Trying Forward
Whereas no single resolution can tackle all of healthcare’s safety challenges, identity-based microsegmentation is “one of many bricks on the yellow brick highway to creating healthcare safety and expertise the tradition of Sure,” in keeping with Elrod.
As healthcare organizations proceed to stability safety necessities with the necessity for frictionless care supply, options that align these competing priorities will turn out to be more and more important.
By implementing identity-based microsegmentation, MultiCare has remodeled safety from a barrier to an enabler of contemporary healthcare—proving that with the best strategy, it is attainable to create a tradition the place “sure” is the default response with out compromising safety or compliance.
Prepared to flee your personal safety “mosh pit” and construct a bridge to trendy healthcare? Obtain Elisity’s Microsegmentation Purchaser’s Information 2025. This useful resource equips healthcare safety leaders with analysis standards, implementation methods, and ROI frameworks which have helped organizations like MultiCare remodel from the “Division of No” to a “Tradition of Sure.” Start your journey towards identity-based safety right now. To be taught extra about Elisity and the way we assist remodel healthcare organizations like MultiCare, go to our web site right here.
Discovered this text fascinating? This text is a contributed piece from certainly one of our valued companions. Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.
