University of Kansas Health System Grows Visibility by 98% with GreyMatter
Healthcare provider achieves 98% increase in visibility and reduces incident response times with automated processes, improving overall security operations.
Increase in Visibility Across Both the Health System and Medical Center
Growth in Detection Coverage Over Six Months
Reduction in Alert Noise
The University of Kansas Health System, one of the largest medical providers in the Midwest, serves approximately 2.5 million patients across three hospitals and more than 100 provider locations. Michael Meis, the Associate Chief Information Security Officer (CISO), oversees the cybersecurity program for the University of Kansas Health System in partnership with the University of Kansas Medical Center in a shared environment.
When Meis joined the health system three years ago, the security program was growing, but incident response was managed by just a few employees who were taking on multiple roles, putting them at risk of burnout.
Compounding the problem, Meis was working with two separate security teams: one each from the University of Kansas Medical Center and the University of Kansas Health System. Visibility into the environment was poor, and the teams lacked insight into the state of the overall program. Each team used different toolsets and collected disparate data, making coordinated incident response nearly impossible.
“Incidents would occur and be responded to in a vacuum, depending on which side of the house detected it first,” Meis said. “There was really no ability to see the larger picture and no consistent way to respond to incidents, regardless of where they occurred across both organizations.”
All communication was conducted via email, including during incidents, leading to inefficiencies and delays in incident response. The fragmented approach posed a danger to patient care as threat actors could move undetected for longer periods of time.
To address these challenges, the healthcare provider needed a partner that could bring in the necessary technology and expertise to mature their security operations—so Michael Meis turned to ReliaQuest and the GreyMatter security operations platform.
The Challenges Facing a Growing Security
Operations Program
Improving and Modernizing their Security Program
Integrating and Managing Cyber Risk for Acquired Business Units
Obtaining Security Visibility Across an Expanding Attack Surface
THE OUTCOMES
The ReliaQuest Partnership
Doubled Visibility in Six Months by Growing Detection Coverage
Six months after the health system partnered with ReliaQuest, the organization gained comprehensive visibility into both the health system and medical center environments, an improvement of over 98%. This unified visibility enabled a coordinated response to incidents occurring across systems, and the healthcare provider gained a new understanding of their position against MITRE techniques. “For the first time in the history of both organizations, we were able to see and understand the entirety of our attack surface,” Meis said.
ReliaQuest pre-built and custom detection rules helped the health system improve coverage by 110% over six months, providing the organization with better awareness and control over potential threats.
Fewer Alerts Leading to Proactive Security Teams
With help from ReliaQuest, the health system implemented automated incident response processes, significantly reducing response times and improving efficiency.
Over a six-month period, ReliaQuest filtered, triaged, and resolved all but 174 of 75,000 alerts before escalating them to health system personnel for review. Of those escalated, 38 were identified as true positives.
As a result, analysts were freed from the mundane, repetitive tasks associated with alert triage, allowing them to focus on proactive threat hunting, advanced detection and response, digital forensics, and other tasks requiring human intuition and insight.
With GreyMatter in place, the healthcare provider significantly reduced incident response times and improved their overall cybersecurity posture. The team experienced an increase in morale and skill levels as staff were empowered to focus on high-value tasks.
GreyMatter Mobile App Enabling In-the-Moment Incident Response
With the GreyMatter mobile app, the health system was no longer completely reliant on email communications, enabling faster and more efficient incident response. The mobile app allowed on-call analysts to stay in tune with incident response processes and respond to alerts without the need to open their laptops. The mobile app helps Meis’s team keep pace with adversaries and ensure the safety and security of patient care.
An Enhanced Security Posture
By partnering with ReliaQuest, Michael Meis and the University of Kansas Health System achieved comprehensive visibility across both the health system and medical center environments, improved detection coverage, and significantly reduced incident response times. The implementation of automated processes and a mobile app for communication empowered their team to focus on high-value tasks, ultimately enhancing their overall cybersecurity posture and operational efficiency.
For the first time in the history of both organizations, we were able to see and understand the entirety of our attack surface.Michael Meis Associate Chief Information Security Officer (CISO)
Explore Other Resources
Security Operations Made Possible with ReliaQuest GreyMatter
Increase visibility, reduce complexity, and manage risk across your existing tools with comprehensive protection unified under a single security operations platform.
