University of Kansas Health System Grows Visibility by 98% with GreyMatter

Healthcare provider achieves 98% increase in visibility and reduces incident response times with automated processes, improving overall security operations.

98% Increase in Visibility Across Both the Health System and Medical Center

110% Growth in Detection Coverage Over Six Months

99% Reduction in Alert Noise

Overview
The University of Kansas Health System

The University of Kansas Health System, one of the largest medical providers in the Midwest, serves approximately 2.5 million patients across three hospitals and more than 100 provider locations. Michael Meis, the Associate Chief Information Security Officer (CISO), oversees the cybersecurity program for the University of Kansas Health System in partnership with the University of Kansas Medical Center in a shared environment. 

When Meis joined the health system three years ago, the security program was growing, but incident response was managed by just a few employees who were taking on multiple roles, putting them at risk of burnout.  

Compounding the problem, Meis was working with two separate security teams: one each from the University of Kansas Medical Center and the University of Kansas Health System. Visibility into the environment was poor, and the teams lacked insight into the state of the overall program. Each team used different toolsets and collected disparate data, making coordinated incident response nearly impossible.  

“Incidents would occur and be responded to in a vacuum, depending on which side of the house detected it first,” Meis said. “There was really no ability to see the larger picture and no consistent way to respond to incidents, regardless of where they occurred across both organizations.”  

All communication was conducted via email, including during incidents, leading to inefficiencies and delays in incident response. The fragmented approach posed a danger to patient care as threat actors could move undetected for longer periods of time.  

To address these challenges, the healthcare provider needed a partner that could bring in the necessary technology and expertise to mature their security operations—so Michael Meis turned to ReliaQuest and the GreyMatter security operations platform. 

The Challenges Facing a Growing Security Operations Program

Improving and Modernizing their Security Program

Integrating and Managing Cyber Risk for Acquired Business Units

Obtaining Security Visibility Across an Expanding Attack Surface

THE OUTCOMES

The ReliaQuest Partnership

Doubled Visibility in Six Months by Growing Detection Coverage

Six months after the health system partnered with ReliaQuest, the organization gained comprehensive visibility into both the health system and medical center environments, an improvement of over 98%. This unified visibility enabled a coordinated response to incidents occurring across systems, and the healthcare provider gained a new understanding of their position against MITRE techniques. “For the first time in the history of both organizations, we were able to see and understand the entirety of our attack surface,” Meis said. 

ReliaQuest's pre-built and custom detection rules helped the health system improve coverage by 110% over six months, providing the organization with better awareness and control over potential threats.

Fewer Alerts Leading to Proactive Security Teams 

With help from ReliaQuest, the health system implemented automated incident response processes, significantly reducing response times and improving efficiency.  

Over a six-month period, ReliaQuest filtered, triaged, and resolved all but 174 of 75,000 alerts, escalating only the remaining 174 to health system personnel for review. Of those escalated, 38 were identified as true positives.

As a result, analysts were freed from the mundane, repetitive tasks associated with alert triage, allowing them to focus on proactive threat hunting, advanced detection and response, digital forensics, and other tasks requiring human intuition and insight.  

With GreyMatter in place, the healthcare provider significantly reduced incident response times and improved their overall cybersecurity posture. The team experienced an increase in morale and skill levels as staff were empowered to focus on high-value tasks. 

GreyMatter Mobile App Enabling In-the-Moment Incident Response 

With the GreyMatter mobile app, the health system was no longer completely reliant on email communications, enabling faster and more efficient incident response. The mobile app allowed on-call analysts to stay in tune with incident response processes and respond to alerts without the need to open their laptops. The mobile app helps Meis’s team keep pace with adversaries and ensure the safety and security of patient care. 

An Enhanced Security Posture

By partnering with ReliaQuest, Michael Meis and the University of Kansas Health System achieved comprehensive visibility across both the health system and medical center environments, improved detection coverage, and significantly reduced incident response times. The implementation of automated processes and a mobile app for communication empowered their team to focus on high-value tasks, ultimately enhancing their overall cybersecurity posture and operational efficiency.

“For the first time in the history of both organizations, we were able to see and understand the entirety of our attack surface.”
Michael Meis, Associate Chief Information Security Officer (CISO)