When a bank or large retailer experiences a cyberattack, there can be financial repercussions, but no one’s health is in jeopardy. That’s not the case with hospitals. What works in a traditional Security Operations Center (SOC) can fail in a hospital setting, with life-or-death consequences. That’s why Iredell Health System recently transitioned to a 24/7 outsourced SOC from Fortified.
It’s a partnership that has already improved Iredell Health’s security posture while reducing its cybersecurity premiums – a major achievement in today’s risk-laden environment. You can learn more in our new case study.
About Iredell Health
Iredell Health is the #1 health system in Iredell County, North Carolina.
Iredell Memorial Hospital is the county’s only nonprofit hospital. The system also includes Iredell Davis Medical Center and Iredell Mooresville, the county’s only 24-hour urgent care facility.
The Iredell system has 391 licensed beds, approximately 2,000 employees, and around 365 healthcare providers. The system’s Centers of Excellence include those for cardiovascular and cancer care.
Iredell Health recognized the value of continuous security monitoring, but needed a proven partner to supplement its internal resources. They chose Fortified because of its healthcare-specific approach to around-the-clock monitoring.
Fortified’s SOC analysts thoroughly understand healthcare environments and can quickly determine if a threat is urgent or simply background noise. They carefully consider the clinical context before taking action, as some responses can compromise patient safety. The key is to respond promptly in a way that doesn’t disrupt patient care.
Positive Results Of The Outsourced SOC
Iredell Health has received numerous benefits since partnering with Fortified:
1. Vulnerabilities reduced by 67% in one year
With Fortified’s Central Command platform, Iredell Health reduced vulnerabilities from 91,000 to 30,000 – a reduction that exceeded its initial goal.
2. 24/7 threat monitoring and rapid response
Fortified’s SOC has provided continuous monitoring and incident response, ensuring teams address threats before they can escalate. Having dedicated security professionals available around the clock has reduced the need for Iredell Health’s in-house teams to respond to critical alerts outside of business hours. In one instance, the Fortified team identified and resolved an issue within five minutes, which would have otherwise taken days to troubleshoot.
3. Reduction in cyber insurance premiums
Following the annual risk assessment conducted by Fortified, Iredell Health’s insurance provider noted the improvements and subsequently lowered the health system’s cyber insurance premiums. That’s a rare achievement for a health system of any size.
“All of Fortified’s experts have worked in healthcare,” says Alex Ragno, a cybersecurity analyst at Iredell Health. “I don’t have to explain to them the frustrations that we go through – and that’s awesome.”
Healthcare Requires a Special SOC
Outsourcing an SOC to a partner who doesn’t understand healthcare can be disastrous. For example, a traditional MSSP might disconnect a compromised endpoint in seconds. But what if that device supports critical care? In healthcare, every action must be weighed against clinical impact.
A non-healthcare cyber-partner understands metrics such as Mean Time to Acknowledge (MTTA) and Mean Time to Resolution (MTTR). But in healthcare, there’s a metric that’s even more important: meaningful response. It’s not simply a matter of moving fast. An SOC partner needs to solve problems without adding risk.
Choosing a Healthcare-Specific Outsourced SOC
If your healthcare organization wants to enjoy the many benefits of an outsourced SOC, we invite you to watch our webinar entitled “Alerts To Action: The Needs Of A Healthcare SOC”. Our experts discuss why a speedy response isn’t enough. Patient safety must be the driving force behind every decision in an outsourced SOC.
Contact Fortified today to learn more about how outsourcing your organization’s SOC can deliver financial/operational benefits while safeguarding patient safety or learn more about Iredell’s experience by downloading the full case study here.
