Zero trust across 60+ clinics. HIPAA audit-ready.

Zero-trust segmentation and managed security operations across a 60+ clinic outpatient network in four states. HIPAA technical-safeguards posture brought to audit-ready inside 12 months, with a 40% reduction in security incidents.

14 / 14: External HIPAA audit findings closed within deadline
40%: Reduction in security incidents, trailing 12 months

Challenge

Northshore had grown by acquisition into a four-state, 63-clinic outpatient network. Each acquired group brought its own network, its own carrier, and its own security posture. The central security team had been firefighting for two years.

An external HIPAA audit had flagged 14 findings tied to network segmentation, identity, and logging. Northshore's executive team set a 12-month deadline for an audit-ready posture — without taking clinics offline.

Medical ANS was selected because the methodology was specific: zero-trust as an operating model rather than a product, with progressive rollout and per-clinic risk reviews.

Solution

We started with an identity-first redesign of network access. Cisco ISE went in as the policy engine, integrated with the existing identity provider. Every clinical, biomedical, vendor, guest, and corporate device began authenticating to the network before it touched anything else.

Segmentation was deployed progressively — clinic by clinic, never on day one. Risk-based policies started in audit-only mode at each site for two weeks before enforcement turned on. No clinic experienced a workflow disruption attributable to the segmentation rollout.

Security operations moved to the Medical ANS SOC, integrated with the NOC. Splunk replaced a patchwork of point logging tools. Quarterly business reviews became the executive surface for the audit-readiness program — with finding closure tracked in plain English.

Results

  • 14 / 14 — External HIPAA audit findings closed within deadline
  • 40% — Reduction in security incidents, trailing 12 months
  • 63 sites — Brought under unified policy and managed operations
  • 0 — Clinical workflow disruptions attributable to segmentation rollout
  • 55% — Reduction in mean-time-to-detect on security events

"The audit closure was the headline. The thing I'll remember is that we got there without a single clinic calling to tell us we'd broken their day."
— CISO, Northshore Outpatient Network

Technologies deployed

  • Cisco ISE
  • Cisco SD-WAN
  • Palo Alto NGFW
  • Splunk Enterprise Security
  • Armis IoMT
  • Microsoft Entra ID
