Med Center Health Achieves 24/7 Protection and Peace of Mind with CrowdStrike
When Daniel Morrison stepped into the role of Director of Information Security at Med Center Health, he found an environment mired in complexity. The organization relied on legacy endpoint and data security tools, plus a separate vendor for SIEM and managed detection. Each solution came with its own agent, console, and maintenance schedule. The result was constant system lag, endless exclusions, and no cohesive view of the organization’s risk.
“When I started, I was the only person in security, managing multiple hospitals with different agents on every endpoint,” explained Morrison. “Every change to a system required another exclusion or another ticket. We were always chasing problems instead of solving them.”
In 2023, Med Center Health swapped its disjointed approach for CrowdStrike, modernizing its security with a unified platform and managed services that have proven effective across the healthcare industry. Within a single day, more than 4,000 devices were protected — strengthening the systems that doctors, nurses, and staff rely on to deliver patient care.
“It was the easiest deployment I’ve ever done. We were protected right away,” Morrison said.
What began as an endpoint modernization quickly evolved into a security transformation. By unifying endpoint, identity, SIEM, AI, and data security within the CrowdStrike Falcon® platform, Med Center Health gained end-to-end visibility and protection from a single console.
Simplifying Security and Eliminating Noise
The first priority was to eliminate agent sprawl. With CrowdStrike, Med Center Health replaced three separate endpoint agents with the single lightweight Falcon sensor. System performance improved, management became straightforward, and visibility expanded across all endpoints, servers, and users.
“Before CrowdStrike, users constantly complained about slow performance,” Morrison said. “Once we switched, those issues disappeared. I could finally focus on security instead of troubleshooting agents.”
As the program matured, Med Center Health brought in CrowdStrike Falcon® Complete Next-Gen MDR to replace its previous managed detection and response service. “That vendor would alert me and then tell me to fix it myself,” Morrison recalled. “Falcon Complete doesn’t do that. They take care of the problem.”
Falcon Complete Next-Gen MDR became an extension of Morrison’s small team, providing 24/7 monitoring and remediation across 4,500 workstations, 900 servers, and more than 8,000 user accounts. “Having that coverage gives me peace of mind. I don’t have to wonder if something is slipping through the cracks,” he said.
With CrowdStrike handling alerts and response, Morrison was able to shift his time toward higher-value work: building policies, vetting vendors, and strengthening the organization’s overall security posture.
“CrowdStrike gave me my time back,” he said. “Instead of reacting all day, I can focus on making the environment stronger.”
Identity Security That Closes the Gaps
As the environment grew, Morrison turned his attention to identity security. Med Center Health deployed CrowdStrike Falcon® Next-Gen Identity Security to monitor privileged accounts, detect compromised credentials, and enforce multifactor authentication (MFA) for domain controllers.
“Identity is one of the biggest risks in healthcare,” Morrison said. “We have to make sure admin rights are limited and credentials are protected. If someone gains access to the wrong account, they could have free rein in our network.”
Falcon Next-Gen Identity Security automatically flags compromised or duplicate passwords and triggers enforcement actions through CrowdStrike Falcon® Fusion. The team built simple SOAR workflows that email affected users and force password resets on next login. This automation saves hours each week and ensures consistent policy enforcement.
“The automation piece was easy to implement and it’s made a big difference,” Morrison said. “Now when someone’s password is compromised, the system handles it end-to-end. We don’t have to chase it manually.”
Morrison also uses Falcon Next-Gen Identity Security to visualize paths to compromise across the environment. “Seeing potential lateral movement in advance lets us cut off those attack paths before they’re exploited,” he said.
Strengthening Visibility and Safeguarding Patient Data
Next, Med Center Health replaced its aging SIEM with CrowdStrike Falcon® Next-Gen SIEM, managed by Falcon Complete. The transition was seamless and gave Morrison the visibility his team needed to track malicious domains, IPs, and activity across the network.
“It’s been night and day compared to what we had,” he said. “The data correlation and context are much stronger, and the response time is immediate.”
The organization also added CrowdStrike Falcon® Data Security to gain insight into how patient data moves across systems. “We’ve already found people trying to upload PHI to personal Gmail or Google Drive,” Morrison said. “Now we can see it, stop it, and audit it.”
Protecting patient information is central to everything the team does, and that visibility helps safeguard the trust patients place in Med Center Health every day. The team currently uses simulated blocks to monitor behavior and plans to move into full enforcement once all legitimate workflows are mapped.
Falcon Data Security is also positioned to help Med Center Health safeguard sensitive information as the organization explores generative AI in clinical operations. “We’re starting to see AI systems being introduced in healthcare, and we’ll be using [Falcon Data Security] to make sure no patient information leaks into those environments,” Morrison said.
A Trusted Partner for Growth and Peace of Mind
Since consolidating on the Falcon platform, Med Center Health has transformed its security program from reactive to proactive. With a single platform replacing multiple agents, 24/7 MDR coverage, and integrated identity and data security, Morrison’s small team now operates with the capability of a fully staffed SOC.
“Everything’s under one roof,” he said. “I don’t have to jump between tools or wonder if an alert is handled. CrowdStrike gives us visibility, simplicity, and peace of mind.”
The partnership continues to evolve as Med Center Health evaluates CrowdStrike® Charlotte AI™ to extend automation and investigation capabilities. “The agentic AI concept is huge for a team like ours,” Morrison said. “It’s like having extra hands in the fight.”
Reflecting on the journey, Morrison summed it up this way: “CrowdStrike is the first place I look when we face a new challenge. They’ve earned that trust. For me, the biggest difference is knowing we have a partner who’s as committed to protecting our patients as we are.”