Breaking Out of the Safety Mosh Pit
When Jason Elrod, CISO of MultiCare Well being System, describes legacy healthcare IT environments, he would not mince phrases: “Healthcare likes to stroll backwards into the longer term. And that is how we acquired right here, as a result of there are a variety of issues that we might have ready for that we did not, as a result of we have been so targeting the place we have been.”
This chaotic method has characterised healthcare IT for many years. In a sector the place lives rely on expertise working flawlessly 24/7/365, safety groups have historically functioned as gatekeepers—the “Division of No”—centered on safety on the expense of innovation and care supply.
However as healthcare continues its digital transformation journey, this method is now not sustainable. With 14 hospitals, a whole lot of pressing care clinics, and practically 30,000 staff serving thousands and thousands of sufferers, MultiCare wanted a unique path ahead – one that did not sacrifice innovation for security. That shift started with a mindset change on the high that was pushed by years of expertise navigating these precise tensions.
Jason Elrod’s View: The Healthcare Safety Conundrum
After 15+ years as a healthcare CISO, Elrod has a novel perspective on the safety challenges dealing with healthcare organizations. In accordance with him, healthcare’s particular operational realities create safety dilemmas in contrast to another business:
- At all times-on operations: “When can you are taking it down? When are you able to cease all the things and improve it?” asks Elrod. Not like different industries, healthcare operates 24/7/365 with little room for downtime.
- Life-or-death entry necessities: “We’ve to ensure all the data they want is accessible once they want it, with the minimal quantity of friction doable. As a result of it is me, it is you, it is our communities, it is our family members, it is life or loss of life.”
- Increasing assault floor: With the shift to telemedicine, distant work, and related medical units, the menace panorama has expanded dramatically. “It is like a bowl of spaghetti the place every strand wants to have the ability to speak to 1 finish or the opposite, however simply to the strands it must.”
- Misaligned incentives: “IT traditionally has been targeting availability and velocity and entry, ubiquitous entry… And safety says, ‘That is a incredible Lego automobile you constructed. Earlier than you possibly can go exterior and play with it, I’ll stick a bunch extra Legos on high of it referred to as safety, privateness, and compliance.'”
It is a recipe for burnout, blame, and breakdowns. However what if safety might allow care as an alternative of obstructing it?
Watch how MultiCare turned that risk into observe within the Elisity Microsegmentation Platform case examine with Jason Elrod, CISO, MultiCare Well being System.
Id: The Key to Fashionable Healthcare Safety
The breakthrough for MultiCare got here with the implementation of identity-based microsegmentation via Elisity.
“The most important assault floor is the identification of each particular person,” notes Elrod. “Why are the assaults all the time on identification? As a result of in healthcare, we should be certain all the data is accessible once they want it, with the minimal quantity of friction doable.”
Conventional community segmentation approaches relied on complicated VLANs, firewalls, and endpoint brokers. The end result? “A Byzantine spaghetti mess” that turned more and more troublesome to handle and replace.
Elisity’s method modified this paradigm by specializing in identification somewhat than community location:
- Dynamic safety insurance policies that comply with customers, workloads, and units wherever they seem on the community
- Granular entry controls that create safety perimeters round particular person belongings
- Coverage enforcement factors that leverage present infrastructure to implement microsegmentation with out requiring new {hardware}, brokers, or complicated community reconfigurations
From Skepticism to Transformation
When Elrod first launched Elisity to his crew, they responded with wholesome skepticism. “They’re like, ‘Did you hit your head? Are you positive you learn what you have been saying? I believed you stopped consuming,'” Elrod remembers.
The technical groups have been uncertain that such a microsegmentation resolution might work with their present infrastructure. “They stated, ‘That does not sound like one thing that may be completed,'” shares Elrod.
However seeing was believing. “Once you see people who find themselves deeply technical, individuals who simply know their craft rather well, they usually see one thing and go ‘Wow’… it shakes the pillars of their opinions about what may be completed,” explains Elrod.
The Elisity resolution delivered on its guarantees:
- Speedy implementation with out disruptive community modifications
- Actual-time automated or handbook coverage changes that beforehand took weeks to implement
- Complete visibility throughout beforehand siloed environments
- Enhanced safety posture with out compromising availability
…all with out forcing a tradeoff between safety and efficiency.
However what shocked Elrod most wasn’t simply what the expertise did, however the way it modified the individuals utilizing it.[JE2]
Breaking Down Partitions Between Groups
Maybe probably the most sudden profit was how the answer remodeled relationships between groups.
“There’s been a friction level. Put this management and constraint across the community. Who’s the primary individual to name? They will name IT. ‘I can not do that factor.’ And I am saying, ‘Properly, you possibly can’t open all the things, as a result of all people cannot have all the things. As a result of the unhealthy guys could have all the things then,'” Elrod explains.
Id-based microsegmentation modified this dynamic:
“It modified from ‘How do I get round you?’ and ‘How do you get round me?’ to cooperation. As a result of now it is like, ‘Oh, properly, let’s make that change collectively.’ It shifted culturally, and this was not one thing I anticipated… We actually are on the identical crew. It is a resolution that works for all of us, makes all of our jobs higher, Safety and IT. It’s a power multiplier throughout the group,” says Elrod.
With Elisity, safety and IT groups now share incentives somewhat than competing priorities. “The identical factor that enables me to make connectivity work between this space and right here in a frictionless vogue can be the identical precise factor that gives the rationalized safety round it. Identical instrument, identical dashboard, identical crew,” Elrod notes.
Enabling a Tradition of Sure
For healthcare suppliers, the influence is profound. “If they do not have to fret about entry, haven’t got to fret in regards to the controls, they’ll take the cognitive load of pondering and worrying in regards to the compliance elements of it, the safety, the privateness, the expertise underlying the desk that they are engaged on,” says Elrod.
This shift allows a elementary change in how safety interacts with scientific employees:
- Velocity of supply: “We are able to do this on the velocity of want versus the velocity of forms, the velocity of expertise, the velocity of legacy,” explains Elrod.
- Granular management: “How would you want your personal section on the community, wherever chances are you’ll roam? I can base it in your identification, wherever you are at,” Elrod shares.
- Enhanced belief: “Having the ability to instill that confidence that, ‘Hey, it is safe, it is secure, it is scalable, it is practical, we are able to assist it. And we are able to transfer on the tempo that you just need to transfer at.'”
Breaking Down Silos: The Enterprise Crucial of Safety-IT Integration
The standard separation between safety and IT operations groups is quickly changing into out of date as organizations acknowledge the strategic benefits of integration. Latest analysis demonstrates compelling enterprise advantages for enterprises that efficiently bridge this divide, notably for these in manufacturing, industrial, and healthcare sectors.
In accordance with Skybox Safety (2025), 76% of organizations imagine miscommunication between community and safety groups has negatively impacted their safety posture. This disconnect creates tangible safety dangers and operational inefficiencies. Conversely, organizations with unified safety and IT operations reported 30% fewer vital safety incidents in comparison with these with siloed groups.
For healthcare organizations, the stakes are even increased. Amongst healthcare establishments that skilled ransomware assaults, these with siloed safety and IT operations reported a 28% improve in affected person mortality charges in 2024, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This stark actuality underscores that cybersecurity integration is not simply an operational consideration—it is a affected person security crucial.
The monetary case for integration is equally compelling. A Forrester Whole Financial Affect examine on ServiceNow Safety Operations options demonstrated a 238% ROI and $6.2 million in current worth advantages, with a 6-month payback interval when integrating safety and IT operations (Forrester/ServiceNow, 2024).
Ahead-thinking organizations are adopting refined integration fashions like Cyber Fusion Facilities. Gartner analysis confirms these characterize a major development over conventional safety operations, predicting that by 2028, 20% of huge enterprises will shift to cyber-fraud fusion groups to fight inside and exterior adversaries, up from lower than 5% in 2023.
For enterprise leaders, the message is obvious: breaking down operational silos between safety and IT groups is not simply good observe—it is important for complete safety, operational effectivity, and aggressive benefit in at present’s menace panorama. Few perceive that higher than Elrod, who’s spent a long time making an attempt to bridge this hole each technologically and culturally.
The Bridge to Fashionable Healthcare
For Elrod, identity-based microsegmentation represents greater than only a expertise resolution—it is a bridge between the place healthcare has been and the place it must go.
“Know-how prior to now wasn’t purchased as a result of it was crappy… They have been nice. Good intention. They did what they wanted to do on the time. However there’s a variety of temporal distance between now and when that made sense,” he explains.
Elisity helps MultiCare “construct that bridge from the place we now have been to the place we have to go… It is a ladder out of the pit. That is nice. Let’s cease throwing issues in there. Let’s really do issues in a rational vogue,” says Elrod.
Wanting Forward
Whereas no single resolution can tackle all of healthcare’s safety challenges, identity-based microsegmentation is “one of many bricks on the yellow brick street to creating healthcare safety and expertise the tradition of Sure,” based on Elrod.
As healthcare organizations proceed to stability safety necessities with the necessity for frictionless care supply, options that align these competing priorities will turn into more and more important.
By implementing identity-based microsegmentation, MultiCare has remodeled safety from a barrier to an enabler of recent healthcare—proving that with the appropriate method, it is doable to create a tradition the place “sure” is the default response with out compromising safety or compliance.
Prepared to flee your personal safety “mosh pit” and construct a bridge to trendy healthcare? Obtain Elisity’s Microsegmentation Purchaser’s Information 2025. This useful resource equips healthcare safety leaders with analysis standards, implementation methods, and ROI frameworks which have helped organizations like MultiCare remodel from the “Division of No” to a “Tradition of Sure.” Start your journey towards identity-based safety at present. To study extra about Elisity and the way we assist remodel healthcare organizations like MultiCare, go to our web site right here.
