A Healthcare CISO’s Journey to Enabling Fashionable Care

Breaking Out of the Safety Mosh Pit

When Jason Elrod, CISO of MultiCare Well being System, describes legacy healthcare IT environments, he would not mince phrases: “Healthcare likes to stroll backwards into the long run. And that is how we bought right here, as a result of there are a variety of issues that we might have ready for that we did not, as a result of we have been so focused on the place we have been.”

This chaotic method has characterised healthcare IT for many years. In a sector the place lives rely upon know-how working flawlessly 24/7/365, safety groups have historically functioned as gatekeepers—the “Division of No”—targeted on safety on the expense of innovation and care supply.

However as healthcare continues its digital transformation journey, this method is not sustainable. With 14 hospitals, a whole lot of pressing care clinics, and practically 30,000 workers serving tens of millions of sufferers, MultiCare wanted a unique path ahead – one that did not sacrifice innovation for security. That shift started with a mindset change on the prime that was pushed by years of expertise navigating these actual tensions.

Jason Elrod’s View: The Healthcare Safety Conundrum

After 15+ years as a healthcare CISO, Elrod has a novel perspective on the safety challenges dealing with healthcare organizations. In line with him, healthcare’s particular operational realities create safety dilemmas not like every other business:

• All the time-on operations: “When can you are taking it down? When are you able to cease the whole lot and improve it?” asks Elrod. In contrast to different industries, healthcare operates 24/7/365 with little room for downtime.
• Life-or-death entry necessities: “We now have to ensure all the data they want is on the market once they want it, with the minimal quantity of friction doable. As a result of it is me, it is you, it is our communities, it is our family members, it is life or loss of life.”
• Increasing assault floor: With the shift to telemedicine, distant work, and related medical gadgets, the risk panorama has expanded dramatically. “It is like a bowl of spaghetti the place every strand wants to have the ability to discuss to at least one finish or the opposite, however simply to the strands it must.”
• Misaligned incentives: “IT traditionally has been focused on availability and pace and entry, ubiquitous entry… And safety says, ‘That is a implausible Lego automobile you constructed. Earlier than you’ll be able to go exterior and play with it, I’ll stick a bunch extra Legos on prime of it referred to as safety, privateness, and compliance.'”

It is a recipe for burnout, blame, and breakdowns. However what if safety might allow care as an alternative of obstructing it?

Watch how MultiCare turned that chance into follow within the Elisity Microsegmentation Platform case research with Jason Elrod, CISO, MultiCare Well being System.

Id: The Key to Fashionable Healthcare Safety

The breakthrough for MultiCare got here with the implementation of identity-based microsegmentation by Elisity.

“The largest assault floor is the identification of each particular person,” notes Elrod. “Why are the assaults at all times on identification? As a result of in healthcare, we should be certain all the data is on the market once they want it, with the minimal quantity of friction doable.”

Conventional community segmentation approaches relied on complicated VLANs, firewalls, and endpoint brokers. The consequence? “A Byzantine spaghetti mess” that grew to become more and more troublesome to handle and replace.

Elisity’s method modified this paradigm by specializing in identification slightly than community location:

• Dynamic safety insurance policies that comply with customers, workloads, and gadgets wherever they seem on the community
• Granular entry controls that create safety perimeters round particular person property
• Coverage enforcement factors that leverage present infrastructure to implement microsegmentation with out requiring new {hardware}, brokers, or complicated community reconfigurations

From Skepticism to Transformation

When Elrod first launched Elisity to his workforce, they responded with wholesome skepticism. “They’re like, ‘Did you hit your head? Are you certain you learn what you have been saying? I assumed you stopped ingesting,'” Elrod recollects.

The technical groups have been uncertain that such a microsegmentation answer might work with their present infrastructure. “They stated, ‘That does not sound like one thing that may be carried out,'” shares Elrod.

However seeing was believing. “While you see people who find themselves deeply technical, individuals who simply know their craft very well, and so they see one thing and go ‘Wow’… it shakes the pillars of their opinions about what might be carried out,” explains Elrod.

The Elisity answer delivered on its guarantees:

• Speedy implementation with out disruptive community adjustments
• Actual-time automated or handbook coverage changes that beforehand took weeks to implement
• Complete visibility throughout beforehand siloed environments
• Enhanced safety posture with out compromising availability

…all with out forcing a tradeoff between safety and efficiency.

However what stunned Elrod most wasn’t simply what the know-how did, however the way it modified the folks utilizing it.[JE2]

Breaking Down Partitions Between Groups

Maybe probably the most sudden profit was how the answer remodeled relationships between groups.

“There’s been a friction level. Put this management and constraint across the community. Who’s the primary individual to name? They are going to name IT. ‘I am unable to do that factor.’ And I am saying, ‘Nicely, you’ll be able to’t open the whole lot, as a result of everyone cannot have the whole lot. As a result of the dangerous guys may have the whole lot then,'” Elrod explains.

Id-based microsegmentation modified this dynamic:

“It modified from ‘How do I get round you?’ and ‘How do you get round me?’ to cooperation. As a result of now it is like, ‘Oh, nicely, let’s make that change collectively.’ It shifted culturally, and this was not one thing I anticipated… We actually are on the identical workforce. This can be a answer that works for all of us, makes all of our jobs higher, Safety and IT. It’s a drive multiplier throughout the group,” says Elrod.

With Elisity, safety and IT groups now share incentives slightly than competing priorities. “The identical factor that enables me to make connectivity work between this space and right here in a frictionless trend can also be the identical actual factor that gives the rationalized safety round it. Similar device, similar dashboard, similar workforce,” Elrod notes.

Enabling a Tradition of Sure

For healthcare suppliers, the impression is profound. “If they do not have to fret about entry, do not have to fret in regards to the controls, they’ll take the cognitive load of pondering and worrying in regards to the compliance components of it, the safety, the privateness, the know-how underlying the desk that they are engaged on,” says Elrod.

This shift allows a elementary change in how safety interacts with medical employees:

• Velocity of supply: “We will try this on the pace of want versus the pace of paperwork, the pace of know-how, the pace of legacy,” explains Elrod.
• Granular management: “How would you want your individual section on the community, wherever chances are you’ll roam? I can base it in your identification, wherever you are at,” Elrod shares.
• Enhanced belief: “With the ability to instill that confidence that, ‘Hey, it is safe, it is secure, it is scalable, it is practical, we will assist it. And we will transfer on the tempo that you simply need to transfer at.'”

Breaking Down Silos: The Enterprise Crucial of Safety-IT Integration

The normal separation between safety and IT operations groups is quickly turning into out of date as organizations acknowledge the strategic benefits of integration. Latest analysis demonstrates compelling enterprise advantages for enterprises that efficiently bridge this divide, significantly for these in manufacturing, industrial, and healthcare sectors.

In line with Skybox Safety (2025), 76% of organizations imagine miscommunication between community and safety groups has negatively impacted their safety posture. This disconnect creates tangible safety dangers and operational inefficiencies. Conversely, organizations with unified safety and IT operations reported 30% fewer vital safety incidents in comparison with these with siloed groups.

For healthcare organizations, the stakes are even greater. Amongst healthcare establishments that skilled ransomware assaults, these with siloed safety and IT operations reported a 28% enhance in affected person mortality charges in 2024, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This stark actuality underscores that cybersecurity integration is not simply an operational consideration—it is a affected person security crucial.

The monetary case for integration is equally compelling. A Forrester Whole Financial Affect research on ServiceNow Safety Operations options demonstrated a 238% ROI and $6.2 million in current worth advantages, with a 6-month payback interval when integrating safety and IT operations (Forrester/ServiceNow, 2024).

Ahead-thinking organizations are adopting subtle integration fashions like Cyber Fusion Facilities. Gartner analysis confirms these characterize a major development over conventional safety operations, predicting that by 2028, 20% of huge enterprises will shift to cyber-fraud fusion groups to fight inner and exterior adversaries, up from lower than 5% in 2023.

For enterprise leaders, the message is evident: breaking down operational silos between safety and IT groups is not simply good follow—it is important for complete safety, operational effectivity, and aggressive benefit in right now’s risk panorama. Few perceive that higher than Elrod, who’s spent a long time making an attempt to bridge this hole each technologically and culturally.

The Bridge to Fashionable Healthcare

For Elrod, identity-based microsegmentation represents greater than only a know-how answer—it is a bridge between the place healthcare has been and the place it must go.

“Expertise previously wasn’t purchased as a result of it was crappy… They have been nice. Good intention. They did what they wanted to do on the time. However there’s a variety of temporal distance between now and when that made sense,” he explains.

Elisity helps MultiCare “construct that bridge from the place we’ve got been to the place we have to go… It is a ladder out of the pit. That is nice. Let’s cease throwing issues in there. Let’s really do issues in a rational trend,” says Elrod.

Wanting Forward

Whereas no single answer can tackle all of healthcare’s safety challenges, identity-based microsegmentation is “one of many bricks on the yellow brick highway to creating healthcare safety and know-how the tradition of Sure,” in keeping with Elrod.

As healthcare organizations proceed to stability safety necessities with the necessity for frictionless care supply, options that align these competing priorities will change into more and more important.

By implementing identity-based microsegmentation, MultiCare has remodeled safety from a barrier to an enabler of recent healthcare—proving that with the fitting method, it is doable to create a tradition the place “sure” is the default response with out compromising safety or compliance.

Prepared to flee your individual safety “mosh pit” and construct a bridge to fashionable healthcare? Obtain Elisity’s Microsegmentation Purchaser’s Information 2025. This useful resource equips healthcare safety leaders with analysis standards, implementation methods, and ROI frameworks which have helped organizations like MultiCare rework from the “Division of No” to a “Tradition of Sure.” Start your journey towards identity-based safety right now. To be taught extra about Elisity and the way we assist rework healthcare organizations like MultiCare, go to our web site right here.