Skip to main content
ThreatConnect Acquires Polarity to Transform How Security Uses Intelligence
Press Release
Request a Demo

Large Hospital and Healthcare System – Phishing Automation and Bulk Importing and Enrichment of Indicators



Company Type

Hospital System

Company Size

50 Hospitals across 7 states

a group of doctors and nurses are looking at a tablet

Learn about persistent threats, lessons for the future, and how ThreatConnect is working to protect its customers.


This large, multi-state health system’s major challenges involved automating Threat Intelligence collection, IOC enrichment, creating workflow templates, and improving Case Management. The main use cases were around phishing automation and bulk importing and enrichment of indicators (using VirusTotal) and specific scoring criteria based on VirusTotal results.


ThreatConnect’s intelligence-powered security operations capabilities made it possible for the security team to create repeatable playbooks, automated processes and structured workflows that enabled SecOps teams to reduce the number of manual steps they must perform during their day-to-day responsibilities. There were nearly a dozen tool integrations involved in this ThreatConnect solution.


By deploying ThreatConnect, the client was able to:

  • Automate Phishing Attack Response:
    • Using Playbooks (ThreatConnect’s Orchestration and Automation Capability), the security team automated Phishing Analysis, Triage, and Response, reducing the time it took from more than 3 hours to just minutes.
  • Automate Threat Intelligence Collection: 
    • ThreatConnect’s Threat Intelligence Platform (TIP) functionality enabled the security team to automate the collection from their various intel sources, both internal and external.
  • Conduct IOC Enrichment: 
    • A Playbook was built that allowed the security team to eliminate the painful, time-consuming process of trying to understand what thousands of IOCs meant to their enterprise.
  • Improve Case Management: 
    • By enabling Workflow, the security team was able to create templates and standardize their course of action for Phishing Triage and Response.