Ensemble: Weaving Cyber Resilience Into the Revenue Cycle
If you’re in healthcare, the challenges are all too familiar: razor-thin margins, highly sensitive data, and the pressure to adopt AI quickly—without making headlines for the wrong reasons.
It’s precisely this challenging landscape where Ensemble has carved out its niche. And it’s where Nancy Phillips, Ensemble’s Chief Information Security Officer, focuses her efforts: ensuring revenue keeps flowing while keeping cyber threats at bay.
During a recent discussion, she explained Ensemble’s origin story simply. The company was founded to solve a very particular healthcare challenge:
“Ensemble was built to support healthcare revenue cycle management operations. Hospital finances are extremely tight… The core mission is to help these organizations achieve stronger financial results through improved revenue cycle management.”
Ensemble handles the full spectrum—from patient scheduling and check-in, through clinical encounters, to coding, billing, and authorizations. Essentially, it manages all the behind-the-scenes processes that determine whether a hospital survives financially or has the resources to reinvest in its community.
“The goal is that by partnering with Ensemble—which brings operational support, technology applications, and deep expertise—we can deliver better outcomes for the hospitals and health systems we work with, enabling them to prioritize patient safety while boosting revenue and better serving their communities.”
For security professionals, the takeaway is clear: this is an external partner embedded in your most critical operational and financial workflows. If they fall short, you bear the consequences. But if they deliver, they can become a genuine pillar of your resilience strategy.
Protecting the Revenue Engine
Ensemble handles patient and financial data from numerous healthcare organizations. That’s both a significant responsibility and a potential risk. Nancy is straightforward about the weight of that trust:
“We’re entrusted with their patient data to manage the entire revenue and management lifecycle. From a security standpoint, our priority is ensuring that patient data is properly protected and used only as intended—to support our clients and help Ensemble remain compliant with all applicable regulations.”
If your mind went to HIPAA, you’re on the right track. But Ensemble doesn’t stop there.
“Our organization holds HITRUST certification, because it’s vital for our clients to know they can trust us with their data—that we maintain the right controls and provide those assurances. Research shows that HITRUST-certified organizations are statistically better protected than most in the healthcare sector.”
Many vendors treat certifications as a one-time badge of honor, as if a single audit guarantees permanent security. Nancy’s perspective is far more grounded—and far more valuable for CISOs navigating real-world risks.
Moving From Snapshots to Ongoing Assurance
What makes Ensemble’s approach noteworthy isn’t simply that they hold a certification—it’s how they think about evolving beyond a one-time checkmark.
“Earning a HITRUST certification means you can demonstrate your controls are in place at a specific moment. But reaching the next level of maturity means continuously proving both the effectiveness and the completeness of those controls—and both dimensions matter.”
She highlights the exact gap that has tripped up many supposedly “compliant” organizations:
“You hear it repeatedly. Organizations have controls in place, but there was this small segment—maybe 2%—that wasn’t covered. The question is: how do we ensure 100% coverage wherever it’s needed?”
This is where automation and AI become genuinely important—not as marketing buzzwords, but as practical tools for reducing risk and shrinking the window of exposure.
Automation: A Necessity, Not a Nice-to-Have

Ensemble has long used automation on the business operations side of revenue cycle management, and Nancy is driving equally aggressive adoption on the security side.
When it comes to defensive operations:
“From a pure security perspective, automating detection and remediation dramatically shrinks response times. We’re not talking hours or potentially days—in some cases, we’re down to seconds and minutes.”
Anyone managing a SOC understands that the gap between detecting a threat and actually resolving it is where real damage occurs. Compressing that window from days to minutes isn’t just an efficiency gain—it’s the difference between a routine incident and a damaging breach disclosure.
She’s also automating how they verify controls:
“We want our people operating at the highest level of their expertise. That means automating anything repetitive or recurring—report generation, dashboard creation. These are all priorities on our roadmap this year.”
If you tally that up, it addresses three pain points that most CISOs consistently raise:
- Detection and response processes that drag on too long
- Assurance activities that are overly manual and lack depth
- Highly skilled staff bogged down with low-value reporting work
Ensemble is tackling all three head-on with automation.
Applying AI to the Mundane (Yet Mission-Critical) Work
Ask ten vendors how they “leverage AI” and you’ll likely get nine slides heavy on stock imagery. Nancy’s example is refreshingly specific—and much closer to what most CISOs actually need.
She walks through the vulnerability management challenge, which in many organizations still relies on spreadsheets, institutional knowledge, and endless copy-pasting.
“You have vulnerabilities coming in from multiple sources. The task is to deduplicate them all. Previously, you’d need people manually determining how each specific vulnerability should be addressed. Now, an agent can handle all of that.”
Rather than having an analyst spend hours sorting through data, researching fixes, and creating tickets, the entire pipeline is automated:
“Tasks that once took an associate hours—sifting through data, extracting meaningful insights, and generating actionable tickets for the teams—are now fully automated.”
The next phase is where things get truly compelling—and where many CISOs start to feel a bit uneasy:
“The next frontier is taking action directly. As we build confidence in the accuracy of the ticketed information, we can begin automating the remediation itself—integrating with systems to auto-remediate where appropriate.”
To be clear, this isn’t AI generating polished summaries. This is AI and automation driving real changes in production environments—methodically and incrementally as trust grows.
Nancy is practical about their rollout approach:
“We’re steadily moving toward that by using agents. And we’re introducing it one department at a time, one person at a time right now.”
If you need a blueprint to follow, that’s a solid one: begin small, learn from the experience, earn trust, then expand step by step.
AI Represents the Next Cloud Breakthrough for Security
Nancy offers a comparison that will strike a chord with any security leader who experienced the early wave of cloud migration.
“Just as Cloud transformed data centers, AI is transforming how we think about security. Organizations truly need to be open to rethinking how they’ll tackle the problem and build their teams going forward.”
The catch, naturally, is that while everyone is focused on what’s ahead, today’s demands aren’t going anywhere. Teams still need to resolve tickets, patch systems, pass audits, and handle incidents.
“The struggle is that we still have to handle the day-to-day maintenance. How do I focus on innovation and give my team room to work toward that future, while also ensuring we maintain complete coverage and effectiveness across the organization?”
Her solution is direct: automate the routine maintenance relentlessly so people can focus on what comes next.
“I’d say the priority this year, or over the next six months, is to automate as much as possible right now, so that automation handles the pure maintenance work, and to really push and collaborate with your teams to innovate on what the next era of security will look like.”
Managing the Flood of AI Tools

If it seems like a brand-new AI security tool lands in your inbox every week, you’re not imagining it. Nancy observes the same pattern within enterprises that vendors tend to present as purely positive.
“There are so many breakthroughs happening and so many tools becoming commoditized. We even saw it when cell phones entered the enterprise. People wanted that technology and wanted to push boundaries, and it’s the same with AI. New tools are launching constantly, and people want to use them.”
The real challenge for CISOs isn’t simply blocking or approving tools; it’s genuinely understanding how they’re being used and how data moves through them.
“That visibility component is critical. You need to not only understand how the tools are being used within your organization, but you also need to understand the broader tool ecosystem. Sometimes you assume the controls you have in place across your ecosystem carry over, and sometimes they do and sometimes they don’t. You really need to gain that visibility and develop that understanding, one tool at a time.”
She also raises a point that many procurement checklists overlook. Simply asking whether a vendor “has cybersecurity” is no longer sufficient.
“As new technology enters the organization, it’s not just a simple matter of asking whether you have cybersecurity in place or whether you hold a HITRUST certification. It’s truly about understanding how your data is being handled in these AI environments and how those tools leverage AI, and discussing that protection from their ecosystem outward, on top of your own.”
When Your Vendor Becomes Part of Your Business Continuity Strategy
One of the more compelling aspects of Ensemble’s model is how they can serve as an extension of a hospital’s recovery and continuity capabilities.
Nancy’s colleague encouraged her to discuss high-profile incidents like the Change Healthcare attack and other disruptions that have cascaded through hospitals. Those events highlight what happens when a single link in the healthcare revenue chain goes offline.
Nancy’s response illustrates how Ensemble thinks beyond its own boundaries.
“From Ensemble’s standpoint, we approach business continuity holistically. Not only what can we do for ourselves to ensure we can recover quickly, but how do we also help our clients recover quickly?”
She notes that Ensemble typically isn’t the system of record for clinical care. That remains the electronic medical record system the provider relies on. But Ensemble maintains a copy of essential revenue cycle data.
“We receive a portion of that data. What we’ve discovered through past incidents is that we can serve as an extension of a client’s continuity program when their systems are impacted. We can operate independently of their systems because we have certain information and can continue those operations on behalf of clients while they’re restoring their ecosystem.”
This isn’t just hypothetical. Ensemble is investing in stronger disaster recovery and continuity capabilities, not only for its own environment but for the wider ecosystem.
“We’re investing in more and more disaster recovery and continuity capabilities to not only help clients carry out revenue cycle operations while they’re recovering, but also because there’s a significant third-party ecosystem we depend on in the patient care continuum. How do we also help our clients keep data flowing downstream during that process?”
She extends that thinking to Ensemble’s own recovery posture:
“How does Ensemble have a recovery capability that can be quickly activated and certified, so that clients can connect to that ecosystem while Ensemble itself is recovering? We need that entire downstream ecosystem to be supported. We’re looking at it from both angles, which I think sets Ensemble apart, to really consider not only ourselves, but how we empower our clients if the worst happens.”
There’s a subtle yet important takeaway here for CISOs evaluating third parties. A vendor that simply says “we have backups” is very different from one that can serve as an alternative operations pathway when your own systems are down.
Key Takeaways for CISOs
If you cut through the marketing language, Ensemble is doing three things that should resonate with CISOs and security leaders across industries, especially in healthcare:
- They’re converting automation and AI into tangible, operational time savings in detection, remediation, and vulnerability management, rather than just layering on more dashboards.
- They’re shifting from static compliance thinking to continuous validation and full coverage goals, which is precisely what attackers compel you to do.
- They’re designing their role in the revenue cycle so they can act as a resilience asset during a crisis, not just another third party you have to manage the fallout from.
For healthcare CISOs, the revenue cycle isn’t just a finance function. It’s how your organization survives. If that stops, nothing else you’re protecting stays funded for long.
Call to Action for CISOs
If you’re a CISO or senior security leader in healthcare, here are a few practical next steps to consider:
- Map where your revenue cycle data flows today and identify which partners, like Ensemble, could actually support you during a major outage rather than simply going offline alongside everyone else.
- Push your vendors to talk less about certifications and more about how they’re performing continuous control validation, automation in detection and remediation, and AI-driven vulnerability management that you can verify.
Then, go one level deeper with
Specifically, ask how their AI and automation strategy fits with yours, how their continuity capabilities could strengthen your own, and how their HITRUST-based control environment can mitigate real-world risk rather than just checking boxes on a questionnaire.
In a landscape where threat actors are already leveraging their own “automation” and “AI,” you simply can’t afford to work with partners who are still stuck in a manual, point-in-time mindset. Ensemble is positioning itself as the kind of revenue cycle partner that thinks like a modern security team, not a traditional billing operation. For CISOs, that kind of understated innovation can be the difference between a strong incident response narrative and a weak one when things go wrong.
Author’s Note
The author spoke with Nancy Phillips, Chief Information Security Officer at Ensemble, via Zoom shortly after the RSAC 2026 Conference to discuss how her team is tackling AI, automation, and cyber resilience within the uniquely complex environment of healthcare.
For more information, please visit www.ensemblehp.com.
About the Author
Pete Green is the CISO/CTO of Anvil Works, a ProCloud SaaS company, and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs).” With more than 25 years of experience in information technology and cybersecurity, Pete is a highly seasoned and accomplished security professional.
Over the course of his career, he has held a broad spectrum of technical and leadership positions, including LAN/WLAN Engineer, Threat Analyst, Sales Engineer, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, Virtual/Fractional CISO, and CISO.
Pete has served clients across a wide range of industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.



