Securing sensitive patient PHI and PII is a top concern for healthcare organizations like Tampa General Hospital (TGH).
So, when TGH wanted to automate administrative tasks with Microsoft Copilot so staff could focus on providing high-quality care, the security team knew they needed to ensure their data was safe and secure.
Gen AI tools like Microsoft Copilot can access anything the user can, which is often too much information. Orgs can no longer ignore issues of overexposed data, out-of-control permissions, and sharing links that put critical data at risk.
To help TGH unleash the full potential of Copilot, they turned to Varonis.
“Varonis allowed us to deploy AI,” said Jim Bowie, Tampa General Hospital CISO. “Without Varonis, I don’t think I would have been able to safely green light and recommend Copilot or other AI tools that will crawl our data in the environment.”
Continue reading to discover how TGH safely deployed Copilot and other data security measures with Varonis.
Data security challenges in healthcare
To better understand its petabytes of data, TGH needed to identify where its sensitive information lived, who could access it, and what users did with that access.
Varonis offered TGH real-time visibility and control over its cloud data, helping to reduce its blast radius, improve its security posture through automation, and streamline the Copilot rollout to 10,000 employees.
Varonis was instrumental in allowing us to see all of the data, where it was, and who had access to it.
David Quigley, Identity Protection and Access Manager
Before Varonis, the healthcare org’s IT and security teams manually checked permissions and searched for sensitive data that was open to everyone in the organization.
Jim and David agree that Varonis checked all the boxes in turning these tedious tasks into automated outcomes.
“Varonis makes it easy,” David said. “Varonis has an intuitive dashboard where we can go in and see all our files and what is shared externally. Rather than hunting and finding every file that might be a problem one day, it’s all right there.”
With deep visibility now part of TGH’s data security, the team prepared to deploy Copilot to its healthcare staff.
Ensuring AI readiness
Safely rolling out gen AI requires a significant and ongoing commitment.
As orgs create and modify information and employees change roles, problems like permissions creep, sharing links, and files open to everyone are bound to occur.
For organizations bringing on gen AI, Jim stresses the importance of automation.
“If you’re going to use gen AI in your organization, you need to clean up your data – your permissions, shares, and exposures. That's a massive project,” Jim said. "Without automation, you’re going to do this project over and over again.”
Together, Varonis and Microsoft help organizations like TGH roll out AI confidently while continually assessing and improving its Microsoft 365 data security posture before, during, and after deployment.
David highlighted Varonis’ critical role in TGH’s AI readiness and in equipping them with the confidence to roll out the tool.
As long as we have Varonis, I feel that we’re prepared for whatever gen AI wants to throw at us.
David Quigley, Identity Protection and Access Manager
“We’ll be able to look at that data, understand it, be able to classify it, and be able to mitigate any issues with oversharing and permissions,” David said. “With Varonis on our side and gen AI, I feel very prepared. Again, it wouldn’t be possible without it.”
A first line of defense with Varonis MDDR
TGH’s in-house cybersecurity team is also supported 24x7x365 by Varonis Managed Data Detection and Response (MDDR), the first-ever managed service dedicated to stopping threats at the data level.
Jim said MDDR is a major component of the hospital’s cybersecurity strategy and allows them to act quickly when incidents arise.
“Varonis will call us directly when they’re doing their investigations, and MDDR is critical to rapid response and remediating virtually any incidents. It’s a lot easier to keep a room clean than to keep cleaning it every day after you’ve made it dirty,” he said.
Deploy Copilot with confidence.
Ready to begin your AI journey and roll out Copilot at your organization? Start with our free Copilot Security Scan.
This assessment summarizes your Copilot data security risks and delivers practical advice for an effective generative AI rollout.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.