A large, multi-state health system needed to move phishing response from an hours-long manual effort to a near-instant automated process, while simultaneously scaling its threat intelligence operations across dozens of hospitals. Dataminr for Cyber Defense made both achievable.
The Challenge
Protecting 50 hospitals across seven states requires security operations that can move at the speed of the threat — but this organization’s processes weren’t built to scale. The team’s primary challenges centered on automating threat intelligence collection, enriching indicators of compromise at volume, building repeatable workflow templates, and modernizing case management. Phishing response was a particular pressure point, and enrichment of indicators via VirusTotal — including applying scoring criteria based on results — remained a largely manual, time-consuming burden. The gap between what the team needed to accomplish and what their workflows allowed them to do was widening.
The Solution
Dataminr for Cyber Defense gave the security team the building blocks to replace manual steps with automated, repeatable processes, incorporating nearly a dozen tool integrations into a coherent operational framework.
Automate Phishing Attack Response
Using automated workflows within the Dataminr Agentic Threat Intelligence Platform, the security team automated phishing analysis, triage, and response — reducing the time required from more than three hours to just minutes.
Automate Threat Intelligence Collection
The Dataminr Agentic Threat Intelligence Platform enabled automated collection from the team’s full range of internal and external intelligence sources, eliminating manual aggregation across feeds.
Conduct IOC Enrichment
A purpose-built automated workflow eliminated the time-consuming process of manually assessing thousands of indicators of compromise and determining their relevance to the enterprise.
Improve Case Management
Standardized workflow templates gave the security team a consistent, repeatable framework for phishing triage and response — ensuring every case followed a documented, defensible course of action.
The Outcome
Phishing response time dropped from more than three hours to minutes. Intelligence collection became continuous and automatic. IOC enrichment at scale — previously a painful daily burden — became a structured, automated process. And case management shifted from ad hoc to standardized across the organization. With Dataminr for Cyber Defense as the operational backbone, the security team reclaimed the time and focus needed to protect a health system operating across seven states.
