Wednesday, July 23, 2025

A Healthcare CISO’s Journey to Enabling Modern Care


Breaking Out of the Security Mosh Pit

When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: “Healthcare likes to walk backwards into the future. And that's how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so focused on where we were.”

This chaotic approach has characterized healthcare IT for decades. In a sector where lives depend on technology working flawlessly 24/7/365, security teams have traditionally functioned as gatekeepers—the “Department of No”—focused on protection at the expense of innovation and care delivery.

But as healthcare continues its digital transformation journey, this approach is no longer sustainable. With 14 hospitals, hundreds of urgent care clinics, and nearly 30,000 employees serving millions of patients, MultiCare needed a different path forward – one that didn't sacrifice innovation for security. That shift began with a mindset change at the top that was driven by years of experience navigating these exact tensions.

Jason Elrod’s View: The Healthcare Security Conundrum

After 15+ years as a healthcare CISO, Elrod has a unique perspective on the security challenges facing healthcare organizations. According to him, healthcare’s particular operational realities create security dilemmas unlike any other industry:

  • Always-on operations: “When can you take it down? When can you stop everything and upgrade it?” asks Elrod. Unlike other industries, healthcare operates 24/7/365 with little room for downtime.
  • Life-or-death access requirements: “We have to make sure all the information they need is available when they need it, with the minimal amount of friction possible. Because it's me, it's you, it's our communities, it's our loved ones, it's life or death.”
  • Expanding attack surface: With the shift to telemedicine, remote work, and connected medical devices, the threat landscape has expanded dramatically. “It's like a bowl of spaghetti where every strand needs to be able to talk to one end or the other, but just to the strands it needs to.”
  • Misaligned incentives: “IT historically has been focused on availability and speed and access, ubiquitous access… And security says, ‘That's a fantastic Lego car you built. Before you can go outside and play with it, I'm going to stick a bunch more Legos on top of it called security, privacy, and compliance.'”

It's a recipe for burnout, blame, and breakdowns. But what if security could enable care instead of obstructing it?

Watch how MultiCare turned that possibility into practice in the Elisity Microsegmentation Platform case study with Jason Elrod, CISO, MultiCare Health System.


Identity: The Key to Modern Healthcare Security

The breakthrough for MultiCare came with the implementation of identity-based microsegmentation through Elisity.

“The biggest attack surface is the identity of every individual,” notes Elrod. “Why are the attacks always on identity? Because in healthcare, we have to make sure all the information is available when they need it, with the minimal amount of friction possible.”

Traditional network segmentation approaches relied on complex VLANs, firewalls, and endpoint agents. The result? “A Byzantine spaghetti mess” that became increasingly difficult to manage and update.

Elisity’s approach changed this paradigm by focusing on identity rather than network location:

  • Dynamic security policies that follow users, workloads, and devices wherever they appear on the network
  • Granular access controls that create security perimeters around individual assets
  • Policy enforcement points that leverage existing infrastructure to implement microsegmentation without requiring new hardware, agents, or complex network reconfigurations

From Skepticism to Transformation

When Elrod first introduced Elisity to his team, they responded with healthy skepticism. “They're like, ‘Did you hit your head? Are you sure you read what you were saying? I thought you stopped drinking,'” Elrod recalls.

The technical teams were doubtful that such a microsegmentation solution could work with their existing infrastructure. “They said, ‘That doesn't sound like something that can be done,'” shares Elrod.

But seeing was believing. “When you see people who are deeply technical, people who just know their craft really well, and they see something and go ‘Wow’… it shakes the pillars of their opinions about what can be done,” explains Elrod.

The Elisity solution delivered on its promises:

  • Rapid implementation without disruptive network changes
  • Real-time automated or manual policy adjustments that previously took weeks to implement
  • Comprehensive visibility across previously siloed environments
  • Enhanced security posture without compromising availability

…all without forcing a tradeoff between security and performance.

But what surprised Elrod most wasn’t just what the technology did, but how it changed the people using it.

Breaking Down Walls Between Teams

Perhaps the most unexpected benefit was how the solution transformed relationships between teams.

“There's been a friction point. Put this control and constraint around the network. Who's the first person to call? They'll call IT. ‘I can't do this thing.’ And I'm saying, ‘Well, you can’t open everything, because everybody can't have everything. Because the bad guys may have everything then,'” Elrod explains.

Identity-based microsegmentation changed this dynamic:

“It changed from ‘How do I get around you?’ and ‘How do you get around me?’ to cooperation. Because now it's like, ‘Oh, well, let’s make that change together.’ It shifted culturally, and this was not something I expected… We really are on the same team. This is a solution that works for all of us, makes all of our jobs better, Security and IT. It's a force multiplier across the organization,” says Elrod.


With Elisity, security and IT teams now share incentives rather than competing priorities. “The same thing that allows me to make connectivity work between this area and here in a frictionless fashion is also the same exact thing that provides the rationalized security around it. Same tool, same dashboard, same team,” Elrod notes.

Enabling a Culture of Yes

For healthcare providers, the impact is profound. “If they don't have to worry about access, don't have to worry about the controls, they can take the cognitive load of thinking and worrying about the compliance components of it, the security, the privacy, the technology underlying the table that they're working on,” says Elrod.

This shift enables a fundamental change in how security interacts with medical staff:

  • Speed of delivery: “We can do that at the speed of need versus the speed of bureaucracy, the speed of technology, the speed of legacy,” explains Elrod.
  • Granular control: “How would you like your own segment on the network, wherever you may roam? I can base it on your identity, wherever you're at,” Elrod shares.
  • Enhanced trust: “Being able to instill that confidence that, ‘Hey, it's safe, it's secure, it's scalable, it's practical, we can support it. And we can move at the pace that you want to move at.'”

Breaking Down Silos: The Business Imperative of Security-IT Integration

The traditional separation between security and IT operations teams is rapidly becoming obsolete as organizations recognize the strategic advantages of integration. Recent research demonstrates compelling business benefits for enterprises that successfully bridge this divide, particularly for those in manufacturing, industrial, and healthcare sectors.

According to Skybox Security (2025), 76% of organizations believe miscommunication between network and security teams has negatively impacted their security posture. This disconnect creates tangible security risks and operational inefficiencies. Conversely, organizations with unified security and IT operations reported 30% fewer important security incidents compared to those with siloed teams.

For healthcare organizations, the stakes are even higher. Among healthcare institutions that experienced ransomware attacks, those with siloed security and IT operations reported a 28% increase in patient mortality rates in 2024, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This stark reality underscores that cybersecurity integration isn't just an operational consideration—it's a patient safety imperative.

The financial case for integration is equally compelling. A Forrester Total Economic Impact study on ServiceNow Security Operations solutions demonstrated a 238% ROI and $6.2 million in present value benefits, with a 6-month payback period when integrating security and IT operations (Forrester/ServiceNow, 2024).


Forward-thinking organizations are adopting sophisticated integration models like Cyber Fusion Centers. Gartner research confirms these represent a major advancement over traditional security operations, predicting that by 2028, 20% of large enterprises will shift to cyber-fraud fusion teams to combat internal and external adversaries, up from less than 5% in 2023.

For business leaders, the message is clear: breaking down operational silos between security and IT teams isn't just good practice—it's essential for comprehensive security, operational efficiency, and competitive advantage in today’s threat landscape. Few understand that better than Elrod, who’s spent decades trying to bridge this gap both technologically and culturally.

The Bridge to Modern Healthcare

For Elrod, identity-based microsegmentation represents more than just a technology solution—it's a bridge between where healthcare has been and where it needs to go.

“Technology in the past wasn't bought because it was crappy… They were great. Good intention. They did what they needed to do at the time. But there's a lot of temporal distance between now and when that made sense,” he explains.

Elisity helps MultiCare “build that bridge from where we have been to where we need to go… It's a ladder out of the pit. That's great. Let's stop throwing things in there. Let's actually do things in a rational fashion,” says Elrod.

Looking Ahead

While no single solution can address all of healthcare’s security challenges, identity-based microsegmentation is “one of the bricks on the yellow brick road to making healthcare security and technology the culture of Yes,” according to Elrod.

As healthcare organizations continue to balance security requirements with the need for frictionless care delivery, solutions that align these competing priorities will become increasingly important.

By implementing identity-based microsegmentation, MultiCare has transformed security from a barrier to an enabler of modern healthcare—proving that with the right approach, it's possible to create a culture where “yes” is the default response without compromising security or compliance.

Ready to escape your own security “mosh pit” and build a bridge to modern healthcare? Download Elisity’s Microsegmentation Buyer’s Guide 2025. This resource equips healthcare security leaders with evaluation criteria, implementation strategies, and ROI frameworks that have helped organizations like MultiCare transform from the “Department of No” to a “Culture of Yes.” Begin your journey toward identity-based security today. To learn more about Elisity and how we help transform healthcare organizations like MultiCare, visit our website here.
