Get out of the security mosh pit
“Healthcare loves to go backwards to the future, and this is how we get here,” Jason Elrod, CISO at Multicare Health System, explains the Legacy Healthcare IT environment.
This chaotic approach has characterised medicine for decades. In a sector where life relies on the perfect work skills, security teams have traditionally acted as gatekeepers, open 24/7. This focuses on protection at the expense of innovation and care delivery.
However, this approach is no longer sustainable as healthcare continues its journey of digital transformation. With 14 hospitals, hundreds of emergency care clinics and nearly 30,000 employees serving millions of patients, Multicare needed a different path. That shift began with a change in the mindset of the top, driven by years of experience navigating these precise tensions.
Jason Elrod’s View: Healthcare Security Challenges
After more than 15 years as a healthcare CISO, Elrod has a unique perspective on the security challenges facing healthcare organizations. According to him, the specific operational reality of healthcare differs from other industries, creating a security dilemma.
Always operate: “When can I delete it? When can I stop everything and upgrade?” asks Elrod. Unlike other industries, Healthcare operates 24/7. There is little room for downtime. Life or Lifetime Access Requirements: “You need to make sure all the information you need is available when you need it. Minimum friction is possible. Scaling the attack surface: With telemedicine, remote work, and the transition to connected medical devices, the threat situation has dramatically expanded. “It’s like a bowl of spaghetti where each strand needs to be able to talk to one end or the other, but only the strands you need.” Incentives malicious: “Historically, we’ve been focusing on availability and speed and access, ubiquitous access…and security is, “It’s a great Lego car you made. Before you go out and play with it, I’m going to paste more Legos called Security, Privacy and Compliance.”
This is a recipe for burnout, blame, and breakdowns. But what if security could allow care instead of hindering it?
Multicare is a case study of the Elisity Microsegmentation platform with Jason Elrod of Multicare Health System and CISO to see how they transformed that potential into practice.
Identity: The Key to Modern Healthcare Security
Multicare’s breakthrough came with the implementation of identity-based microsegmentation through Elisity.
“The biggest offensive aspect is the identity of every individual,” Elrod said. “Why is attacks always lying on identity? Because healthcare requires minimal friction and ensure that all information is available when needed.”
Traditional network segmentation approaches relied on complex VLANs, firewalls, and endpoint agents. result? “Byzantine spaghetti confusion” has become increasingly difficult to manage and update.
Elisity’s approach changed this paradigm by focusing on identity rather than network location.
Where the network displays dynamic security policies that follow users, workloads, and devices, a policy enforcement point that leverages existing infrastructure that creates security perimeters around individual assets to implement microsegments without requiring new hardware, agents, or complex network reconfiguration
From skepticism to transformation
When Elrod first introduced Erigiti to his team, they responded with healthy skepticism. “They said, ‘Did you hit your head? Are you certainly reading what you’re saying? I thought you stopped drinking,” Elrod recalls.
The technical team doubted that such microsegment solutions could work with existing infrastructure. “They said, ‘It doesn’t sound like something you can do,'” Elrod said.
But I believed in seeing. “When you look at people who are deep and technical, they really know their tech, and they go “wow” when they see something…it shakes the pillar of opinion about what they can do,” explains Elrod.
Erigiti solutions delivered based on that promise:
Rapid implementation without disruptive network changes Real-time automatic or manual policy adjustments take weeks to implement comprehensive visibility across previously siloed environments, enhancing security attitudes without compromising availability
…All without enforcing a trade-off between protection and performance.
But what surprised Elrod the most was not just what technology did, but how they used it to change people.[JE2]
Decompose walls between teams
Perhaps the most unexpected benefit was how the solution changed relationships between teams.
“There was a friction point. Put this control and constraint around the network. Who was the first person to call? They’re going to call it. And I explain, “Well, you can’t open everything, because everyone has everything,” Elrod explains.
Identity-based microsegmentation has altered this dynamic.
“That changed from ‘How do you get around you?’ And we worked together, “How do you circulate around me?” It has shifted culturally, but this was not what I was expecting.
Elisity, Security and IT teams share incentives rather than competing priorities. “The same thing that allows connectivity to work in this area and here in a frictionless way is the same exact thing that provides streamlined security around it. The same tools, the same dashboard, the same team,” Elrod said.
It enables a culture of yes
For healthcare providers, the impact is profound. “If they don’t need to worry about access, they don’t need to worry about control. They can worry about the compliance factors underlying the table they’re working on, the cognitive thinking of security, privacy and technology,” says Elrod.
This shift allows for a fundamental change in how security interacts with clinical staff.
Speed of delivery: “In contrast to bureaucratic speeds, technology speeds, and legacy speeds, you can do that at the speed you need,” explains Elrod. Granular Control: “How can I roam my segment on a network, wherever I go? I’m based it on your identity wherever you are,” says Elrod. Enhanced trust: “Hey, it’s safe, stable, scalable, functional, supportive, and you can move at the pace you want to move.”
Silo Disassembly: Security Integration Business Issues
Traditional separation of security and IT operations teams is rapidly becoming obsolete as organizations recognize the strategic benefits of integration. Recent research has shown attractive business benefits, particularly for those in the manufacturing, industrial and health sectors, for companies that successfully bridge this gap.
According to Skybox Security (2025), 76% of organizations believe that misunderstandings between network and security teams have a negative impact on security attitudes. This disconnect creates tangible security risks and operational inefficiencies. Conversely, organizations with unified security and IT operations reported 30% fewer critical security incidents compared to siloed teams.
For healthcare organizations, interests are even higher. Among medical institutions that have experienced ransomware attacks, security has been silenced, and IT operations have reported an increase in patient mortality rates by 28%, up from 23% in 2023 (Ponemon Institute & Proofpoint, 2024). This harsh reality highlights that cybersecurity integration is not just an operational consideration, but a patient safety requirement.
The financial cases for integration are equally persuasive. Forrester’s total economic impact survey in ServiceNow Security Operations Solutions showed a ROI of 238% and a present value benefit of $6.2 million.
Advanced organizations employ sophisticated integrated models such as cyber fusion centers. Gartner Research confirms that these represent important advancements in traditional security operations, predicting that by 2028 20% of large companies will move to cyber-burning fusion teams, fighting internal and external enemies from under 5% in 2023.
For enterprise leaders, the message is clear. Not only does it break down operational silos between security and IT teams, it is essential for comprehensive protection, operational efficiency and competitive advantage in today’s threat landscape. Few people understand this gap better than Elrod, who spent decades trying to fill it technically and culturally.
Bridge to modern health care
For Elrod, identity-based microsegmentation represents more than just a technology solution. This is the bridge between where healthcare is and where you need to go.
“The technology in the past wasn’t bought because it was crappy… They were great. Good intentions. They did what they needed to do at the time.
Elisity says Multicare “helps that bridge build that bridge from where we went to where we need to go… it’s a ladder outside the hole. This is great. Stop throwing things out there. Let’s actually do things in a reasonable way.”
Looking ahead
Elrod said there is no single solution that cannot address all of the healthcare security challenges, but identity-based microsegmentation is “one of the bricks on the yellow brick road to make healthcare security and technology a culture of yes.”
As healthcare organizations continue to balance security requirements with the need for frictionless care delivery, these competing prioritization solutions become increasingly essential.
By implementing identity-based microsegmentation, Multicare has transformed security from barriers to modern healthcare enablers. If you promote that with the right approach, you can create a culture where “yes” is the default response without compromising security or compliance.
Are you ready to escape your own security from the “mosh pit” and build a bridge to modern health care? Download Elisity’s Micro Segmentation Buyer Guide 2025. This resource equips healthcare security leaders with evaluation criteria, implementation strategies, and ROI frameworks that helped organizations such as multi-carers be converted from “NO” to “yes culture.” Start your journey into identity-based security today. To learn more about Elisity and how we can help transform healthcare organizations like Multicare, visit this website.
Source link
