Breaking Out of the Safety Mosh Pit
When Jason Elrod, CISO of MultiCare Well being System, describes legacy healthcare IT environments, he would not mince phrases: “Healthcare likes to stroll backwards into the long run. And that is how we received right here, as a result of there are numerous issues that we might have ready for that we did not, as a result of we have been so targeting the place we have been.”
This chaotic method has characterised healthcare IT for many years. In a sector the place lives depend upon know-how working flawlessly 24/7/365, safety groups have historically functioned as gatekeepers—the “Division of No”—centered on safety on the expense of innovation and care supply.
However as healthcare continues its digital transformation journey, this method is not sustainable. With 14 hospitals, a whole bunch of pressing care clinics, and practically 30,000 staff serving tens of millions of sufferers, MultiCare wanted a distinct path ahead – one that did not sacrifice innovation for security. That shift started with a mindset change on the high that was pushed by years of expertise navigating these precise tensions.
Jason Elrod’s View: The Healthcare Safety Conundrum
After 15+ years as a healthcare CISO, Elrod has a singular perspective on the safety challenges going through healthcare organizations. In response to him, healthcare’s particular operational realities create safety dilemmas not like every other business:
- All the time-on operations: “When can you’re taking it down? When are you able to cease every part and improve it?” asks Elrod. In contrast to different industries, healthcare operates 24/7/365 with little room for downtime.
- Life-or-death entry necessities: “We have now to verify all the data they want is offered after they want it, with the minimal quantity of friction doable. As a result of it is me, it is you, it is our communities, it is our family members, it is life or dying.”
- Increasing assault floor: With the shift to telemedicine, distant work, and related medical units, the menace panorama has expanded dramatically. “It is like a bowl of spaghetti the place every strand wants to have the ability to speak to at least one finish or the opposite, however simply to the strands it must.”
- Misaligned incentives: “IT traditionally has been targeting availability and pace and entry, ubiquitous entry… And safety says, ‘That is a improbable Lego automobile you constructed. Earlier than you possibly can go outdoors and play with it, I’ll stick a bunch extra Legos on high of it known as safety, privateness, and compliance.'”
It is a recipe for burnout, blame, and breakdowns. However what if safety might allow care as a substitute of obstructing it?
Watch how MultiCare turned that risk into follow within the Elisity Microsegmentation Platform case research with Jason Elrod, CISO, MultiCare Well being System.
Id: The Key to Fashionable Healthcare Safety
The breakthrough for MultiCare got here with the implementation of identity-based microsegmentation via Elisity.
“The largest assault floor is the identification of each particular person,” notes Elrod. “Why are the assaults at all times on identification? As a result of in healthcare, we should be certain all the data is offered after they want it, with the minimal quantity of friction doable.”
Conventional community segmentation approaches relied on complicated VLANs, firewalls, and endpoint brokers. The consequence? “A Byzantine spaghetti mess” that turned more and more tough to handle and replace.
Elisity’s method modified this paradigm by specializing in identification somewhat than community location:
- Dynamic safety insurance policies that observe customers, workloads, and units wherever they seem on the community
- Granular entry controls that create safety perimeters round particular person property
- Coverage enforcement factors that leverage current infrastructure to implement microsegmentation with out requiring new {hardware}, brokers, or complicated community reconfigurations
From Skepticism to Transformation
When Elrod first launched Elisity to his group, they responded with wholesome skepticism. “They’re like, ‘Did you hit your head? Are you positive you learn what you have been saying? I assumed you stopped ingesting,'” Elrod recollects.
The technical groups have been uncertain that such a microsegmentation resolution might work with their current infrastructure. “They mentioned, ‘That does not sound like one thing that may be achieved,'” shares Elrod.
However seeing was believing. “While you see people who find themselves deeply technical, individuals who simply know their craft rather well, they usually see one thing and go ‘Wow’… it shakes the pillars of their opinions about what will be achieved,” explains Elrod.
The Elisity resolution delivered on its guarantees:
- Speedy implementation with out disruptive community adjustments
- Actual-time automated or handbook coverage changes that beforehand took weeks to implement
- Complete visibility throughout beforehand siloed environments
- Enhanced safety posture with out compromising availability
…all with out forcing a tradeoff between safety and efficiency.
However what stunned Elrod most wasn’t simply what the know-how did, however the way it modified the folks utilizing it.[JE2]
Breaking Down Partitions Between Groups
Maybe probably the most surprising profit was how the answer remodeled relationships between groups.
“There’s been a friction level. Put this management and constraint across the community. Who’s the primary particular person to name? They are going to name IT. ‘I can not do that factor.’ And I am saying, ‘Nicely, you possibly can’t open every part, as a result of all people cannot have every part. As a result of the dangerous guys may have every part then,'” Elrod explains.
Id-based microsegmentation modified this dynamic:
“It modified from ‘How do I get round you?’ and ‘How do you get round me?’ to cooperation. As a result of now it is like, ‘Oh, nicely, let’s make that change collectively.’ It shifted culturally, and this was not one thing I anticipated… We actually are on the identical group. This can be a resolution that works for all of us, makes all of our jobs higher, Safety and IT. It’s a pressure multiplier throughout the group,” says Elrod.
With Elisity, safety and IT groups now share incentives somewhat than competing priorities. “The identical factor that enables me to make connectivity work between this space and right here in a frictionless trend can be the identical precise factor that gives the rationalized safety round it. Similar instrument, similar dashboard, similar group,” Elrod notes.
Enabling a Tradition of Sure
For healthcare suppliers, the impression is profound. “If they do not have to fret about entry, do not have to fret concerning the controls, they will take the cognitive load of pondering and worrying concerning the compliance elements of it, the safety, the privateness, the know-how underlying the desk that they are engaged on,” says Elrod.
This shift permits a basic change in how safety interacts with scientific employees:
- Velocity of supply: “We are able to do this on the pace of want versus the pace of forms, the pace of know-how, the pace of legacy,” explains Elrod.
- Granular management: “How would you want your personal section on the community, wherever it’s possible you’ll roam? I can base it in your identification, wherever you are at,” Elrod shares.
- Enhanced belief: “Having the ability to instill that confidence that, ‘Hey, it is safe, it is steady, it is scalable, it is practical, we are able to help it. And we are able to transfer on the tempo that you just wish to transfer at.'”
Breaking Down Silos: The Enterprise Crucial of Safety-IT Integration
The standard separation between safety and IT operations groups is quickly changing into out of date as organizations acknowledge the strategic benefits of integration. Current analysis demonstrates compelling enterprise advantages for enterprises that efficiently bridge this divide, significantly for these in manufacturing, industrial, and healthcare sectors.
In response to Skybox Safety (2025), 76% of organizations imagine miscommunication between community and safety groups has negatively impacted their safety posture. This disconnect creates tangible safety dangers and operational inefficiencies. Conversely, organizations with unified safety and IT operations reported 30% fewer important safety incidents in comparison with these with siloed groups.
For healthcare organizations, the stakes are even increased. Amongst healthcare establishments that skilled ransomware assaults, these with siloed safety and IT operations reported a 28% enhance in affected person mortality charges in 2024, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This stark actuality underscores that cybersecurity integration is not simply an operational consideration—it is a affected person security crucial.
The monetary case for integration is equally compelling. A Forrester Whole Financial Affect research on ServiceNow Safety Operations options demonstrated a 238% ROI and $6.2 million in current worth advantages, with a 6-month payback interval when integrating safety and IT operations (Forrester/ServiceNow, 2024).
Ahead-thinking organizations are adopting refined integration fashions like Cyber Fusion Facilities. Gartner analysis confirms these signify a major development over conventional safety operations, predicting that by 2028, 20% of huge enterprises will shift to cyber-fraud fusion groups to fight inside and exterior adversaries, up from lower than 5% in 2023.
For enterprise leaders, the message is evident: breaking down operational silos between safety and IT groups is not simply good follow—it is important for complete safety, operational effectivity, and aggressive benefit in at the moment’s menace panorama. Few perceive that higher than Elrod, who’s spent a long time making an attempt to bridge this hole each technologically and culturally.
The Bridge to Fashionable Healthcare
For Elrod, identity-based microsegmentation represents greater than only a know-how resolution—it is a bridge between the place healthcare has been and the place it must go.
“Know-how prior to now wasn’t purchased as a result of it was crappy… They have been nice. Good intention. They did what they wanted to do on the time. However there’s numerous temporal distance between now and when that made sense,” he explains.
Elisity helps MultiCare “construct that bridge from the place we have now been to the place we have to go… It is a ladder out of the pit. That is nice. Let’s cease throwing issues in there. Let’s truly do issues in a rational trend,” says Elrod.
Trying Forward
Whereas no single resolution can tackle all of healthcare’s safety challenges, identity-based microsegmentation is “one of many bricks on the yellow brick street to creating healthcare safety and know-how the tradition of Sure,” in keeping with Elrod.
As healthcare organizations proceed to stability safety necessities with the necessity for frictionless care supply, options that align these competing priorities will grow to be more and more important.
By implementing identity-based microsegmentation, MultiCare has remodeled safety from a barrier to an enabler of recent healthcare—proving that with the fitting method, it is doable to create a tradition the place “sure” is the default response with out compromising safety or compliance.
Prepared to flee your personal safety “mosh pit” and construct a bridge to fashionable healthcare? Obtain Elisity’s Microsegmentation Purchaser’s Information 2025. This useful resource equips healthcare safety leaders with analysis standards, implementation methods, and ROI frameworks which have helped organizations like MultiCare rework from the “Division of No” to a “Tradition of Sure.” Start your journey towards identity-based safety at the moment. To be taught extra about Elisity and the way we assist rework healthcare organizations like MultiCare, go to our web site right here.
