Providence’s Ratliff Says Merging Cybersecurity and Emergency Management Builds Stronger Cyber Resiliency

healthsystemCIO

healthsystemCIO, May 14, 2026

Why It Matters

Healthcare organizations face escalating supply‑chain attacks and potential large‑scale outages, making integrated cyber‑and‑emergency planning essential to protect patient safety and avoid costly service disruptions. Ratliff’s practical framework offers a roadmap for other health systems to align security priorities with clinical realities, ensuring continuity of care in the face of cyber threats.

Key Takeaways

  • Providence merged CISO role with emergency management for unified resiliency
  • Project Oscar aligns cyber risk with clinical workflows through walkthroughs
  • Tabletop drills include senior executives, FBI, and AHA partners
  • Attack surface management added to GRC to prioritize enterprise vulnerabilities
  • Everbridge integrates cyber alerts with disaster communications for hospital staff

Pulse Analysis

Providence Health, a nonprofit system spanning seven states with 50 hospitals and 150,000 caregivers, recently restructured its security organization. Mike Ratliff, the CISO, now also heads emergency management, creating a single command for cyber resilience and disaster response. By splitting teams into threat detection, response, security engineering, and a GRC function that now includes attack surface management, the health system can prioritize vulnerabilities alongside clinical priorities, a crucial shift as supply‑chain attacks rise to a weekly occurrence.

The initiative dubbed Project Oscar brings cybersecurity to the bedside. Ratliff’s team walked through labor‑and‑delivery units and NICUs, documenting every device, workflow, and fallback process. These frontline observations revealed hidden dependencies—such as local log collection on downed networks—and highlighted gaps in badge access and emergency workstations. Aligning technical risk with real‑world patient care enables more accurate critical‑infrastructure inventories and informs business‑continuity plans that can sustain operations during a 30‑day outage.

Tabletop exercises have become a cornerstone of Providence’s strategy. Partnering with the American Hospital Association and the FBI, senior leaders simulate ransomware, natural‑disaster, and supply‑chain scenarios, testing delegation of authority and communication protocols. Integrating platforms like Everbridge ensures that cyber alerts and disaster notifications reach clinicians through familiar channels, reducing confusion during crises. This holistic model—combining executive buy‑in, clinician engagement, and unified communication tools—sets a benchmark for health systems seeking to fuse cybersecurity with emergency management for stronger overall resiliency.

Episode Description

Third-party attacks against health systems jumped from monthly to weekly, outpacing how most cyber programs are built. Inside: how Providence redesigned the CISO role to absorb emergency management and what shifted when the team walked the NICU floor.

Source: Providence’s Ratliff Says Merging Cybersecurity and Emergency Management Builds Stronger Cyber Resiliency on healthsystemcio.com - Interviews & Webinars with Health System IT Leaders
