Strengthening data security and compliance for a global healthcare organisation
The Client
A non-profit Catholic healthcare organisation headquartered in the U.S. It is one of the largest Catholic health systems in the United States and the largest not-for-profit private healthcare provider in Ireland. The organisation operates more than 50 hospitals and employs over 60,000 associates across the U.S. and Ireland.
The Challenge
The client needed to protect highly sensitive patient and operational data while meeting stringent regulatory requirements, including HIPAA and GDPR.
The organisation managed vast volumes of data across numerous clinical and business systems, many of which involved complex data flows, legacy data sources, and multiple points of entry and exit. Ahead of implementing a full Electronic Health Record (EHR) system, the client required a clear understanding of its data security, privacy, and compliance risks, along with a robust strategy to mitigate them at scale.
Key Challenges
- Data security: Protecting sensitive patient and operational data across complex systems
- Compliance: Meeting HIPAA and GDPR requirements across multiple jurisdictions
- Visibility: Limited insight into where sensitive data was stored and how it was moving
- Risk management: Identifying and addressing existing data security and privacy risks ahead of EHR deployment
- Scale: Supporting a large, global user base and data estate
The Solution
CWSI invited the client to participate in the Microsoft Cyber Security Investment (CSI) programme and delivered a comprehensive Data Security engagement.
The project focused on identifying risky data, uncovering compliance gaps, and creating a clear roadmap to strengthen security across the organisation’s global estate. Working closely with Microsoft Ireland, CWSI demonstrated the value of Microsoft Purview Information Protection and Insider Risk Management to safeguard sensitive data and reduce exposure.
Key elements of the solution included:
- Data Security engagement to identify and classify sensitive data
- Discovery and remediation of live data security risks, including an active data breach
- A detailed security and compliance roadmap aligned to healthcare regulations
- Demonstration and planning for full deployment of Microsoft Purview
- Strategic guidance supporting uplift to Microsoft 365 E5 for 35,000 users globally
The Result
The engagement significantly strengthened the client’s data security posture and provided a clear, actionable path toward long-term compliance and risk reduction.
Key Outcomes
- Identification and resolution of a live data breach
- Improved visibility of sensitive data across clinical and business systems
- A comprehensive security roadmap aligned to HIPAA and GDPR
- Successful business case to uplift 35,000 users globally to Microsoft 365 E5
- ECIF funding secured to deploy the full Microsoft Purview portfolio
Why CWSI
CWSI worked closely with the client and Microsoft Ireland to deliver a strategic, insight-driven security engagement that balanced compliance, risk reduction, and operational scale. By combining deep expertise in Microsoft security technologies with a healthcare-focused approach, CWSI helped the organisation turn a complex compliance challenge into a foundation for secure digital transformation.
“We partnered with CWSI to discover data security, compliance, and privacy risks in advance of our implementation of a full Electronic Health Record (EHR) system across our multi-hospital environment. This included large-scale legacy data sources and numerous business and clinical systems with complex data movement patterns. CWSI helped us understand how the Microsoft Purview portfolio could mitigate these risks, leading to an approved business case to uplift to M365 E5 on 1st July.”
Cyber Security Lead, Leading Catholic Healthcare Organisation
