Ensemble: Building Cyber Resilience Into The Revenue Cycle

If you work in healthcare, you already know the punchline. Margins are thin, data is sensitive, and everyone wants to move fast with AI without ending up on the front page for the wrong reasons.

That tension is exactly where Ensemble has built its business. And it is where Nancy Phillips, Chief Information Security Officer at Ensemble, spends her days thinking about how to keep revenue flowing while keeping attackers out.

In a recent conversation, she put it simply. Ensemble was created to fix a very specific problem in healthcare:

“Ensemble was created to assist with the healthcare revenue cycle management operations. Financials at hospitals are very thin… The whole idea is to be able to help those organizations get better outcomes through that revenue cycle management process.”

Ensemble focuses on everything from scheduling to check-in, the clinical encounter, coding, billing, and authorizations. In other words, all the unglamorous plumbing that decides whether a hospital is on life support financially or can actually reinvest in its community.

“The idea is by bringing in Ensemble, which offers operations, applications and expertise, we can drive better outcomes for the hospitals and health systems we serve, so they can focus on patient safety, while increasing their revenue and serving their communities better.”

For the security leaders reading this, that means one thing: this is an external partner sitting in the middle of your most sensitive operational and financial flows. If they get it wrong, you feel the pain. If they get it right, they can actually become part of your resilience strategy.

Securing The Revenue Engine

Ensemble is entrusted with patient and financial data from multiple healthcare organizations. That is both a privilege and a liability. Nancy does not sugarcoat the responsibility:

“We’re entrusted with their patient data to be able to facilitate that whole revenue and management life cycle. For us, it’s really making sure, from a security perspective, that we’re securing that patient data and using it only the way that we’re supposed to be using it, to help our clients and Ensemble stay in compliance with the regulations that govern that data.”

If you are thinking HIPAA, you are right. But Ensemble goes further.

“Our organization is HITRUST certified, knowing that it is important for our clients to know that they can trust this data to us, that we’re going to have the appropriate controls in place and those assurances. We know our HITRUST customers, statistically, are better protected than most in the healthcare organization.”

A lot of vendors like to wave certifications around as if a single audit magically makes them secure forever. Nancy’s view is more mature and more useful for CISOs who live in the real world.

From Point-In-Time To Continuous Assurance

The interesting part of Ensemble’s approach is not that they have a certification. It is how they think about evolving beyond the checkbox.

“It’s one thing to have a HITRUST certification to be able to say, we have our controls in place at this point in time, but going on to that next maturity level, to be able to continuously prove the efficacy of the controls and the comprehensiveness of the controls, both of those things are important.”

She calls out the exact failure mode that has burned more than one “compliant” organization:

“You hear it time and time again. Organizations that have the controls in place, but it was this 2% of the population that wasn’t covered. How do we make sure that the efficacy is 100% coverage in the places that we want it to be?”

That is where automation and AI start to matter, not just as buzzwords but as concrete levers to reduce risk and shrink exposure windows.

Automation As Table Stakes, Not Luxury

Ensemble has long embraced automation in the business operations side of revenue cycle management, but Nancy is pushing just as hard on the security side.

On the defensive operations front:

“If you’re just looking at it from a pure security play, automations in detections and remediation, so that the time to remediate goes significantly down. We’re not hours or potentially days, but seconds and minutes in some cases.”

Anyone running a SOC knows that gap between “detected” and “actually fixed” is where the real damage happens. Cutting that window from days to minutes is not just operational savings. It is the difference between a minor incident report and an ugly breach notification.

She is also automating how they validate controls:

“Anything that we can do to get our talent working at their top level. Automating anything that’s repetitive or recurring, anything that’s report generating, automating anything that’s dashboarding, those are all the initiatives that we have on our plate this year.”

If you are keeping score, that covers three painful categories most CISOs complain about:

  1. Detection and response work that takes too long
  2. Assurance work that is too manual and too shallow
  3. Highly paid people stuck doing low-value reporting tasks

Ensemble is using automation to attack all three.

Putting AI To Work On The Boring (And Critical) Stuff

Ask ten vendors how they “use AI” and you will get nine slides full of clip art. Nancy’s example is more concrete and much closer to what most CISOs actually need.

She describes the vulnerability management problem, which in many organizations still involves spreadsheets, tribal knowledge, and a lot of copying and pasting.

“You have vulnerabilities. It’s bringing in all the vulnerabilities from all those sources, being able to deduplicate them. In the past, you would have to have people that would go in and say, this is how this particular vulnerability needs to be solved for. But now we can have the agent do all that.”

Instead of an analyst burning hours triaging, researching, and ticketing, they are automating the pipeline:

“Things that would have taken an associate hours to be able to sift through, come up with the meaningful information, create the ticket for the teams to action on, is all done through automation.”

The next step is where things get interesting, and frankly where many CISOs start to get nervous:

“That next level is the actioning of that, which is, once we continue to trust the information that is being ticketed, what are those things where we can just go ahead and do and integrate in with the systems to do that auto remediation piece of it as well.”

In other words, this is not just AI writing cute summaries. This is AI and automation making real changes in production environments, carefully and incrementally, as trust builds.

Nancy is pragmatic about how they are rolling it out:

“We’re working more and more towards that through the use of agents. And we’re doing it department by department, person by person these days.”

If you are looking for a pattern to copy, that is a good one: start small, learn, build trust, then scale.

AI Is The New Cloud Moment For Security

Nancy draws an analogy that should resonate with any security leader who lived through the early days of cloud adoption.

“Much like Cloud was to data centers, AI is to the way we approach security. Organizations really need to be willing to think outside the box on how they are going to solve the problem and staff the problem in the future.”

The problem, of course, is that while everyone is talking about the future, the present refuses to go away. Teams still have tickets to close, systems to patch, audits to pass, incidents to resolve.

“The challenge is that we still have to do the daily care and feeding. How do I concentrate and innovate and have time for the team to work towards that, but also make sure that we’ve got that 100% coverage and efficacy across the organization?”

Her answer is straightforward: ruthlessly automate the care and feeding so humans can work on the next chapter.

“I would say the innovation this year or this next six months is really getting as much automated as you can today, so that automation can take care of that pure care and feeding, and to really challenge and work with your teams to innovate on what the next chapter of security is going to look like.”

Navigating The AI Tool Stampede

If it feels like there is a new AI security tool in your inbox every week, you are not imagining things. Nancy sees the same trend inside enterprises that vendors like to pretend is all upside.

“So many advancements are happening and so many tools are being commoditized. We saw that even with the cell phone coming into the enterprise. People wanting that technology and wanting to push the envelope, and that’s the way it is with AI. New tools are coming out all the time, and people want to use them.”

The real work for CISOs is not simply “blocking” or “approving” tools. It is understanding how they are used and how data flows.

“That visibility piece is huge. You have to not only understand how the tools are being used within your organization, but you also have to understand the tools ecosystem. Oftentimes you think that the controls you have in place within your ecosystem extend, and sometimes they do and sometimes they don’t. You really have to get that visibility and have that understanding, tool by tool.”

She also makes a point many procurement checklists gloss over. Asking whether a vendor “has cybersecurity” is not enough anymore.

“As new technology comes into the organization, it’s not just an easy, hey, do you have cybersecurity in your organization, and do you have a HITRUST certification. It’s really, truly understanding how your data is being used in these AI environments and how those tools are using AI, and talking about that protection from their ecosystem outward, in addition to your own.”

When Your Vendor Becomes Part Of Your Business Continuity Plan

One of the more intriguing parts of Ensemble’s model is how they can function as an extension of a hospital’s recovery and continuity capabilities.

Nancy’s associate prompted her to talk about high-profile incidents like the Change Healthcare attack and other disruptions that have rippled through hospitals. Those events underline what happens when a single point in the healthcare revenue chain goes dark.

Nancy’s response shows how Ensemble is thinking beyond its own walls.

“From an Ensemble perspective, we look at business continuity holistically. Not only what can we do for ourselves to make sure that we can recover quickly, but how do we also help our clients be able to recover quickly?”

She points out that Ensemble typically is not the system of record for clinical care. That is still the electronic medical record system the provider uses. But Ensemble holds a copy of key revenue cycle data.

“We get a copy of a portion of that. What we have found through incidents that have occurred is we can become an extension of a client’s continuity program by the fact that their systems are affected. We can operate outside of their systems because we have some information and can continue that operations on behalf of the clients while they’re restoring their ecosystem.”

That is not just theoretical. Ensemble is investing in more robust disaster recovery and continuity capabilities, not only for its own environment but also for the broader ecosystem.

“We are investing in more and more disaster recovery continuity type capabilities to not only help the client be able to do revenue cycle operations while they’re recovering, but also, there’s a huge third party ecosystem that we have dependency on in the patient care continuum. How do we also help our clients continue to move data downstream during that process?”

She extends that thinking to Ensemble’s own recovery posture:

“How does Ensemble have a recovery capability that can quickly be stood up and certified, so that clients can connect to that ecosystem while Ensemble itself is recovering? We need that whole downstream ecosystem to be supported. We’re looking at it from both standpoints, which I think is unique for Ensemble, to really think about not only ourselves, but how do we enable our clients should the unfortunate happen.”

There is a subtle but important point here for CISOs evaluating third parties. A vendor that simply says “we have backups” is very different from one that can function as an alternative operations path when your own systems are crippled.

What CISOs Should Take Away

If you strip away the marketing gloss, Ensemble is doing three things that should resonate with CISOs and security leaders across industries, but particularly in healthcare:

  • They are turning automation and AI into real, operational time savings in detection, remediation, and vulnerability management, instead of just adding more dashboards.
  • They are moving from static compliance thinking to continuous validation and 100% coverage goals, which is exactly what attackers force you to do.
  • They are designing their role in the revenue cycle so they can become a resilience asset in a crisis, not just another third party you have to clean up after.

For healthcare CISOs, the revenue cycle is not just a finance function. It is how your organization breathes. If that stops, nothing else you are protecting stays funded for long.

Call To Action For CISOs

If you are a CISO or senior security leader in healthcare, there are a few practical next steps to consider:

  1. Map where your revenue cycle data flows today and identify which partners, like Ensemble, could actually support you during a major outage rather than simply going offline with everyone else.
  2. Push your vendors to talk less about certificates and more about how they are doing continuous control validation, automation in detection and remediation, and AI-driven vulnerability management that you can verify.

Then, go one level deeper with Ensemble specifically. Ask how their AI and automation roadmap aligns with your own, how their continuity capabilities could extend yours, and how their HITRUST-based control environment can reduce real risk instead of just filling out a questionnaire.

In a world where attackers have their own “automation” and “AI,” you cannot afford partners who are still living in a manual, point-in-time world. Ensemble is positioning itself as the kind of revenue cycle partner that is thinking like a modern security team, not an old-school billing shop. For CISOs, that is the sort of quiet innovation that can make or break your incident response story when things go sideways.

Author’s Note

The author sat down with Nancy Phillips, Chief Information Security Officer at Ensemble, over Zoom shortly after the RSAC 2026 Conference to talk about how her team is approaching AI, automation, and cyber resilience in the uniquely messy reality of healthcare.

For more information, please visit www.ensemblehp.com.

About the Author

Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company, and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.

Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Sales Engineer, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, Virtual/Fractional CISO, and CISO.

Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.

He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.


