Topics:
Providence's cybersecurity team protects 51 hospitals and more than 1,000 clinics. At that scale, cybersecurity has to be threat-informed, risk-driven, and operated as a business enabler: measurable, adaptive, and increasingly augmented by artificial intelligence (AI).
That last part, AI-augmented, is where a lot of the conversation is right now. And I want to be direct about how we're approaching it, because there's a difference between talking about AI and actually putting it to work in a way that holds up under pressure.
The first thing we had to get right was framing. AI is not a strategy, it's a capability—and like any capability, it has to be matched to the problem.
We use different tools for different jobs. Some AI helps our teams communicate faster, manage their inboxes, draft content, and move through routine work more efficiently. That's valuable. But it's not the same as what we need when we're investigating a threat, correlating telemetry across clinical and enterprise environments, or trying to make a risk decision under time pressure.
For that, we need tools with more depth. We need tools that can solve complex problems and help us get to answers faster. We've been deliberate about layering these capabilities so we're not forcing one platform to do everything; different problems, different tools.
We're past the pilot stage in several areas. AI is actively reducing the volume of low-impact, high-frequency work across our teams. It helps with triage and analysis of alerts, device and system telemetry, and other data produced by systems on the network by pulling together information that used to take hours of manual effort. Our compliance workflows alone have seen significant efficiency gains as we're completing tasks more than four times faster in some areas, and our teams are reinvesting that time into higher-value work.
While AI can accelerate data processing and highlight areas of interest, decisions that affect risk, operations, and patient safety remain firmly in human hands. This is especially critical in clinical environments, where even small disruptions can have downstream consequences.
Here's the principle we don't compromise on: AI handles data gathering and repetitive tasks. Humans remain responsible for risk decisions, analysis, and judgment.
The math is clear: the volume and complexity of our work is growing faster than headcount. We won’t build a much larger team, so AI must help absorb the load.
That means using AI to help smaller teams handle more alerts, process more data, and respond faster without burning out. Everyone on the team needs to learn and use AI as part of their daily work: identify use cases, experiment, and improve.
AI capabilities are not being rushed into production. New tools and use cases are first evaluated in controlled environments, where their impact can be understood before broader deployment.
This “test, validate, scale” model reflects the realities of healthcare, where changes must be introduced carefully to avoid unintended consequences. This is particularly critical in systems that intersect with clinical workflows or touch patient care in any fashion. The cost of getting it wrong is too high not to test and validate before production.
This work is taking place against a rapidly changing threat landscape. AI is increasing the speed and scale of activity for defenders and attackers. AI is compressing the attack lifecycle. What used to take weeks (reconnaissance, payload development, delivery) can now happen in days or hours. We have seen confirmed reports of AI-enabled, working zero-day exploits and the volume of vendor incidents and breaches continues to rise.
For healthcare organizations, this amplifies an already complex challenge: managing more connected devices, vendor dependencies, and pressure to respond quickly without disrupting care. We're investing in better visibility across connected clinical environments, with AI playing a growing role in helping us correlate information across them, and surface what needs attention.
Providence’s experience highlights a broader direction for healthcare cybersecurity.
AI is becoming embedded in how we operate day to day. It is a force multiplier across all of Providence Cybersecurity: helping teams move faster, see more clearly, and make better decisions under pressure.
But none of that works without discipline. In healthcare especially, speed without control creates risk. Our focus is making sure AI scales the right way—aligned to how we manage risk, protect patients, and support clinical operations.
Mike Ratliff is Senior Vice President and Chief Information Security Officer at Providence, where he leads enterprise cybersecurity and emergency management across 51 hospitals and more than 1,000 clinics. With more than 37 years of experience across healthcare, government, and defense, he has spent the past 11-plus years building Providence's cybersecurity program into a mature, globally integrated function focused on risk management, threat detection and response, and operational resilience.
Sam Templetonis Director of Cybersecurity Communication, Awareness, and Education for Providence, a national, Catholic, not-for-profit health system. Sam is responsible for driving a culture of information security for all 300,000 caregivers, ensuring effective change management for all cybersecurity initiatives, and manage communication during cybersecurity incidents.
