
Red Canary: the Rx for ransomware threats at a nationally recognized healthcare system

In the wake of rising ransomware threats, Red Canary’s 24×7 monitoring and hands-on-keyboard remediation empower a non-profit hospital and healthcare system to remain focused on its mission of providing high-quality medical care to all.

A critical healthcare provider in their region, this large non-profit hospital and healthcare system is home to nearly 10,000 employees and manages more than 14,000 endpoints.

In 2022, the healthcare industry experienced a 74 percent increase in weekly cyber attacks compared to 2021. This surge resulted in an average of 1,465 attacks per week, according to Check Point Research. Notably, ransomware continues to pose a significant threat, characterized by increasing sophistication and extortion attempts. The consequences of ransomware attacks are profound, extending beyond financial losses to impede the essential mission of providing critical medical care to the communities that hospitals like this non-profit serve.

In addition to the looming threat of ransomware, this non-profit healthcare system has had to confront many obstacles that resonate with cybersecurity professionals across various sectors, including:

  • Strategically navigating security budget and resource constraints
  • Addressing the repercussions of staff turnover
  • Collecting and contextualizing cyber threat intelligence with limited team bandwidth

“We’ve had other vendors approach us, and I’ve always said, ‘You’re not taking away my Red Canary.’ The people, the culture, and product quality stand above all other tools I have.”


This non-profit healthcare system has been a Red Canary customer for the better part of a decade. When they first partnered with Red Canary, their main challenge was keeping pace with potential threats identified by Carbon Black. They needed a resource with deep expertise in endpoint detection and response (EDR) capable of cutting through the noise and pinpointing the threats requiring immediate action. This was crucial for reducing their daily workload, allowing them to redirect their focus to other vital aspects of their security posture.

As their environment evolved over time, this non-profit healthcare system recognized the need to enhance their threat detection capabilities for network and identity. They seamlessly integrated more telemetry with Red Canary, feeding data from Darktrace, Proofpoint, Microsoft 365, Microsoft Active Directory (AD), and their firewall. This not only expanded the scope of coverage but also enabled them to offload even more detection and response tasks to Red Canary.

Then in 2023, this non-profit healthcare system encountered a staffing challenge with the departure of key security resources. Faced with the need to swiftly address the resulting gaps in their security operations, they made a strategic move by adding Active Remediation, Red Canary’s round-the-clock, hands-on-keyboard threat remediation service. Active Remediation not only helped fill the void left by the departing staff but ensured continuous 24×7 coverage.


As an ongoing strategic initiative, this non-profit healthcare system has been transitioning from a control-centric security model to an intelligence-driven approach, a shift that seamlessly aligns with their partnership with Red Canary. As their Enterprise CISO explains, “Controls help drive intelligence, but a strict control-focused strategy is useless. It takes too much time to build context. By adopting an intelligence-driven approach and partnering with Red Canary, we’re able to get intelligence in a way that doesn’t require us hiring 40 people in-house. Red Canary takes the intelligence they see across their customers’ environments and applies it immediately to us. That visibility and context fuels our own threat hunting and speeds up our reaction.”

This non-profit healthcare system has experienced many positive benefits over the years, including:

Building resilience

Red Canary’s advanced threat detection strengthens their defenses against top threats like ransomware, enabling rapid and early responses. This proactive approach not only protects against financial losses but also ensures uninterrupted patient care, aligning with the hospital’s mission.

24×7 hands-on-keyboard support

With 24×7 coverage and the ability to “hit the red button” after-hours, Red Canary Active Remediation ensures immediate action upon threat confirmation. This not only eliminates delays in remediation but also provides heightened visibility and context to help prevent similar incidents in the future.

Minimizing tools, maximizing impact

This non-profit healthcare system tackled budget constraints by consolidating redundant tools and bidding farewell to their MSSP, which relied too heavily on their SIEM without adding value or context. This initiative freed up funds to support broader coverage with Red Canary.

Responding faster with context

By leveraging shared insights from thousands of customers and identifying patterns that align with known information, Red Canary equips this non-profit healthcare system with the context needed to power their intelligence-centric strategy, enriching their understanding and expediting responses to emerging threats.

Healthcare organizations are increasingly vulnerable to ransomware threats, which can jeopardize patient data, disrupt critical operations, and impact patient care. Effective mitigation of threats is essential to ensure the safety and security of patient information, maintain the integrity of healthcare services, and limit financial impact following a breach. Red Canary continues to play a pivotal role in protecting this non-profit healthcare system through 24×7 monitoring, investigations, and hands-on-keyboard remediation and also by serving as an extension of their team in the face of staff turnover and skills gaps. This support aligns seamlessly with their intelligence-centric strategy, making Red Canary an indispensable ally in the ongoing battle against cyber threats.
