Learn how to defend against a ransomware attack in our upcoming webinar series. Register Now ➞

ReliaQuest helps Moffitt treat reactive security woes

Moffitt Cancer Center Achieves Best-In-Class Security Operations Through Partnership with ReliaQuest.


Established in 1982, Moffitt Cancer Center is a nonprofit cancer treatment and research center located in Tampa, Florida. As one of the leading cancer centers in the United States, Moffitt has the Southeast’s largest blood and marrow transplant and treatment program, with 10,000+ employees supporting more than 350,000 patient visits a year.

Moffitt’s IT security team includes a Threat Analytics Center (TAC) with six analysts focused primarily on threat hunting, analysis, and response; and a Cyber Operations team, which handles day-to-day operations, risk assessments and management, and more. The team, formerly led by Chief Information Security Officer (CISO) Dave Summitt, is dedicated to protecting Moffitt from cyber threats that could interfere with its critical mission “to contribute to the prevention and cure of cancer.”

The Challenges

  • Clock
    Difficulty ensuring coverage beyond work hours
  • Alert
    The risk of threats, both internal and external
  • Phishing
    Increasing frequency of phishing scams

The Solution

Not only did ReliaQuest help the Moffitt team to optimize their tools, detection, and alerting capabilities, but because ReliaQuest partners with other industry leaders in healthcare, Moffitt can benchmark its program against peers. This insight, delivered via the Security Model Index, helps to show where they’re improving, where they are best-in-class, and where they need to focus additional effort.

These reports armed Summit to have conversations with his team and show his executive staff and Board how they were decreasing risk for the organization. These benchmarks and insights also helped Summit to project the impact of additional security investment—and secure needed funding.

The Outcomes

One powerful proof point that underscores the efficacy of Moffitt’s security team is their attainment of a 3.5 maturity level for IT governance and information management, based on ISACA’s 5-level COBIT framework. That score is even more impressive when you consider that Summitt essentially built Moffitt’s security team from the ground up when he joined the organization about six years ago.

“Our 3.5 COBIT score places us in the top 51% of all healthcare organizations,” said Summitt. “And I think Level 4 is completely attainable for us now that we have added ReliaQuest’s GreyMatter to our suite of tools, which will help our team to be even more accurate, fast, and efficient in our work. I can’t stress enough how impactful ReliaQuest is. Frankly, we’d have to take a step backward without the expertise and automation we get from GreyMatter coupled with ReliaQuest’s 24/7/365 security operations team.”

Moffitt Cancer Center makes security possible with ReliaQuest.

The Results:


Board-ready security metrics and industry benchmarking


< 7 days implementation time


3.5 COBIT score