Emory Healthcare operates 11 hospitals and a clinically integrated network serving 26,000 employees across Georgia - which means the attack surface is sprawling. The threat model here is standard for healthcare: HIPAA compliance, ransomware targeting clinical systems, and the operational risk of downtime in environments where EHR access, imaging systems, and connected medical devices directly impact patient outcomes. With 3,800 physicians and over 50 specialty areas generating protected health information at scale, data segmentation and access control aren't theoretical - they're daily operational requirements.
The security function supports both clinical operations and the research side of an academic health system tied to Emory University. That dual mandate means protecting patient data while enabling collaboration across research networks, which introduces federation and data-sharing complexity. The infrastructure spans legacy hospital IT, modern cloud services for analytics, and operational technology in clinical settings - ventilators, infusion pumps, imaging equipment - all of which require different threat modeling than standard enterprise environments.
Established in 1997 and expanded through the Emory Healthcare Network since 2011, the organization has been consolidating what were once independent hospitals into a unified system. That history suggests ongoing integration work: harmonizing security policies, centralizing identity management, and standardizing tooling across acquisitions. The scale and regulatory environment demand mature incident response, vulnerability management across heterogeneous systems, and the ability to operate under the assumption that you're a target.