Case studies · Cole Finch
A candid look at how one pediatric hospital transformed its healthcare cybersecurity posture with managed detection and response (MDR)—reducing incident response times from hours to minutes while protecting sensitive patient data across a 20-county service area.
Duration: 3 minutes
Format: Video interview
Featuring:
- Nick Schopperth, Chief Information Security Officer, Dayton Children’s Hospital
- JD Whitlock, Chief Information Officer, Dayton Children’s Hospital
- Mike Brady, Cybersecurity Supervisor, Dayton Children’s Hospital
- Colin Metzler, Senior Cybersecurity Analyst, Dayton Children’s Hospital
Introduction
Healthcare cybersecurity has never been more critical. With patient data, medical devices, and life-saving systems all connected to hospital networks, a single breach can have devastating consequences. For Dayton Children’s Hospital, the challenge wasn’t just protecting data—it was doing so with a lean security team managing an overwhelming volume of alerts.
Nick Schopperth, Chief Information Security Officer at Dayton Children’s Hospital, shares how partnering with Expel transformed their healthcare cybersecurity approach, allowing his team to focus on strategic initiatives while maintaining 24×7 protection for some of the region’s most vulnerable patients.
The healthcare cybersecurity challenge at Dayton Children’s
Nick Schopperth: Expel has been instrumental in helping us safeguard our information. I’m Nick Schopperth, Chief Information Security Officer at Dayton Children’s Hospital in Dayton, Ohio.
Some of the services that we offer at Dayton Children’s range anywhere from primary care to day-to-day cancer treatments—really the full gamut of healthcare. Having somebody watching our backs 24×7 not only helps us all sleep a little better at night, but it helps us focus on those day-to-day tasks without taking our guard down.
JD Whitlock: Cybersecurity is vitally important these days to all organizations, particularly in healthcare. We have a lot of area to protect from a cybersecurity perspective. We need to do everything we can to maximize our cybersecurity readiness.
Managing alert overload in healthcare environments
Mike Brady: We have a lot of information coming in from a lot of really cool devices, appliances, and programs. We’re very blessed to have that technology, but with a team of our size, it was a bit overwhelming at times. We wanted to make sure that we focused and addressed every issue, alert, or concern that came across appropriately.
When we were able to partner with Expel, that really helped us with the workload and being able to put eyes on issues or concerns.
Why Dayton Children’s chose MDR for healthcare cybersecurity
JD Whitlock: The reason that we sought out an MDR partner is because we realized that once we had achieved some of those other basic blocking and tackling things, we decided the next thing that we really needed was a good MDR service. We needed somebody like Expel with a combination of good software, AI, and really good filtering of what’s really a risk and what’s not a risk—separating the signal from the noise.
Nick Schopperth: Before, an incident took us several hours—I’ll say four or five hours to clean up. Now it takes us about 15 minutes or so.
The human element in healthcare cybersecurity
Mike Brady: I think after every quarter, we find more and more reasons why we are happy to be with Expel in our environment and as they grow.
Colin Metzler: One really great thing that has come out of using Expel and the dashboard is when there’s an event, they have what’s called resiliency actions—how can you make it safer? They’re very clear. They follow industry standards and best practices. A lot of small details within the resiliency actions can be so easily missed by organizations.
Nick Schopperth: The biggest benefit of working with Expel is the peace of mind that we have that there are human eyeballs 24×7 on our network. It’s great just having somebody watching our back like that.
Key outcomes for healthcare cybersecurity at Dayton Children’s
The partnership between Dayton Children’s Hospital and Expel delivered measurable improvements in healthcare cybersecurity:
- Response time improvement: Incident response dropped from 4-5 hours to approximately 15 minutes—a 95% reduction that minimizes disruption to patient care.
- Alert management: Automated triage and expert filtering eliminated false positives, allowing the security team to focus on genuine threats rather than chasing endless alerts.
- 24×7 coverage: Continuous monitoring by experienced security analysts provides round-the-clock protection without requiring additional full-time staff.
- Strategic focus: The security team gained time to work on long-term projects and strategic initiatives rather than constant firefighting.
- Resiliency guidance: Actionable recommendations following industry best practices help prevent future incidents and strengthen overall security posture.
Frequently asked questions about healthcare cybersecurity
Q: What makes healthcare cybersecurity different from other industries?
Healthcare organizations face unique challenges including connected medical devices, strict regulatory requirements (HIPAA), legacy systems that are difficult to patch, and the critical nature of operations where downtime can directly impact patient care. Healthcare cybersecurity requires protecting not just data, but life-saving systems.
Q: How can small healthcare security teams manage the volume of security alerts?
Managed detection and response (MDR) services help healthcare organizations by filtering false positives, prioritizing genuine threats, and providing 24×7 monitoring without requiring additional headcount. This allows lean security teams to focus on strategic initiatives while maintaining comprehensive protection.
Q: What should healthcare organizations look for in an MDR partner?
Look for healthcare cybersecurity expertise, transparency in investigations, rapid response times, integration with existing security tools, and clear communication. The best MDR partners act as an extension of your team rather than a black box service.
Q: How quickly should healthcare organizations respond to security incidents?
Speed is critical in healthcare cybersecurity. Industry-leading MDR providers achieve mean time to respond (MTTR) of 15-20 minutes for critical incidents. Faster response minimizes potential damage, reduces downtime, and helps maintain continuous patient care.
Q: Can MDR services integrate with existing healthcare security infrastructure?
Yes. Leading MDR providers like Expel integrate with existing security tools (endpoint protection, SIEM, network monitoring, cloud security) without requiring organizations to replace their technology stack. This maximizes existing investments while adding expert analysis and 24×7 coverage.
Q: How does AI enhance healthcare cybersecurity?
AI and automation help filter alerts, identify patterns, and accelerate threat detection. However, the most effective healthcare cybersecurity approach combines AI-driven efficiency with human expertise for context, judgment, and decision-making—particularly important in healthcare environments where false positives can disrupt critical care.
Healthcare cybersecurity best practices from Dayton Children’s Hospital
Healthcare organizations looking to strengthen their cybersecurity posture can learn from Dayton Children’s approach:
- Start with fundamentals: Ensure basic security controls are in place before investing in advanced solutions. Strong fundamentals create a solid foundation for more sophisticated protections.
- Partner strategically: Don’t try to build everything in-house. Strategic partnerships with MDR providers can deliver enterprise-grade security without enterprise-sized security teams.
- Prioritize visibility: Comprehensive monitoring across all systems—endpoints, network, cloud, applications—ensures nothing falls through the cracks.
- Measure what matters: Track meaningful metrics like incident response time, alert-to-incident ratio, and time-to-remediation to understand where security operations can improve.
- Focus on resilience: Use security incidents as learning opportunities. Implement recommended actions to prevent similar incidents and continuously strengthen your security posture.
- Maintain human oversight: While automation and AI are valuable, human expertise remains essential for making nuanced decisions in healthcare environments where context matters.
The future of healthcare cybersecurity
As healthcare continues to digitize—with telemedicine, IoT medical devices, cloud-based health records, and AI-driven diagnostics—the attack surface continues to expand. Healthcare organizations need cybersecurity solutions that scale with this complexity while remaining manageable for lean security teams.
The partnership between Dayton Children’s Hospital and Expel demonstrates that effective healthcare cybersecurity doesn’t require massive in-house security operations centers. With the right MDR partner, even smaller healthcare organizations can achieve enterprise-grade protection, rapid incident response, and peace of mind—allowing them to focus on their primary mission of patient care.
