Artesia General Hospital

A hospital bed isn’t the first place you’d expect cybersecurity to matter, but it’s where the consequences of a cyberattack are most impactful. If charting systems freeze, lab results are delayed, or imaging is inaccessible, patient care slows. In a field where seconds count, those digital disruptions quickly become clinical ones.  

But cyber-attacks on healthcare organizations continue to rise – prime targets for nation-states and criminal groups using AI to craft phishing campaigns at scale, launch ransomware faster, and probe for weaknesses at machine speed. Eric Jimenez, Chief Information Officer at Artesia General Hospital, says for healthcare providers, digital resilience has become as critical as infection prevention or surgical protocols.  

“Cybersecurity has moved beyond the IT department – it’s now a frontline patient safety issue. Our mission at Artesia is to make sure technology never becomes the weak link in delivering care.”  

The nonprofit community hospital, located in southeastern New Mexico, serves patients across a 200-mile radius through its acute care hospital and 16 associated clinics. Artesia has long been recognized for its clinical quality, but equally important is the hospital’s ability to ensure technology keeps pace with the demands of modern medicine.

Challenges of a digital-first healthcare system

Over his decade of leadership at Artesia, Jimenez has transformed IT from an outsourced service into a robust in-house department built on the principle that secure, reliable technology is essential to patient care. However, when he first joined the organization, like many hospitals, Artesia faced the dual pressures of digital transformation and rising cyber risk.

• Limited visibility. Artesia could track the traffic entering and leaving its network but had little insight into what was happening inside, leaving Artesia vulnerable to lateral movement from attackers already in the system.
• Growing attack surface. The move to electronic health records (EHRs) promised faster, more connected care, but it also opened up new avenues for attack. Add in connected medical devices, cloud services, and remote care platforms, and the hospital’s digital footprint became harder to manage and protect.

“When we started our EHR journey, we quickly realized cybersecurity had to evolve alongside it,” Jimenez says.

Jimenez set out to tackle his initial network security concerns, evaluating several vendors with one central requirement: understanding east-west traffic. “We wanted to know where our bytes were going,” Jimenez recalls. “Instead of digging through logs and guessing, we needed a tool that could tell us – clearly and quickly – what was happening inside our network.”

Artesia ran proof-of-value (POV) tests with three security vendors to uncover the root cause of unexplained network slowness and erratic device behavior its antivirus tools weren’t catching. “Darktrace quickly found malware that no other tool could identify,” Jimenez explains. “None of the other vendors we looked at could give us that level of visibility.”

From pilot to platform defense with AI

As Artesia modernized other aspects of its IT environment, including migrating email and collaboration systems to Office 365, Jimenez’s team continued to evaluate different options and capabilities, including Darktrace’s Self-Learning AI. “Every time we conducted a test, Darktrace detected the anomalies first,” says Jimenez. “Sometimes the other solutions would catch up hours later, but by then we’d already dealt with the threat.”

That depth and speed of detection come from Darktrace’s Self-Learning AI that catches nuances other tools miss. It learns and understands what behaviors are normal and not normal, not just for healthcare, but for Artesia’s organization based on its own operational data. For example, Darktrace could learn that it is normal for specific doctors to regularly download large imaging files, but if a receptionist is downloading far more data than usual this would be flagged as anomalous. These anomalies are then analyzed alongside other network events to determine what is suspicious and potentially malicious, alerting teams to activity that is of interest.

What started as a project focused on east-west network traffic has since grown into full-platform protection. Today, Artesia relies on the Darktrace ActiveAI Security Platform to safeguard:

• Cloud services like Office 365, securing patient communication and collaboration.
• Medical IoT devices across clinics and the hospital campus, reducing the attack surface.
• Remote care technologies supporting patients beyond the main hospital walls.
• Electronic health records (EHRs) and critical on-premises infrastructure.

With Darktrace now protecting Artesia’s entire digital ecosystem – from network to cloud to IoT – the hospital has gained both peace of mind and measurable efficiencies across its security operations.

Stronger, faster security with existing lean team

Darktrace autonomously investigates 94% of Artesia’s network threats on average, delivering 24/7 protection, reducing false positive alerts, and multiplying the impact of the lean security team without adding headcount – adding the equivalent of 482 analyst hours on investigations within a single month alone.

Darktrace's Cyber AI Analyst™, a sophisticated agentic AI system capable of conducting autonomous investigations, filtering out noise, and surfacing only the most relevant alerts. "We no longer have to babysit and manually investigate false alarms,” explains Jimenez. “If Darktrace alerts us, we know we need to look at it right away. That confidence has been a huge change.” When analysts do need to review an alert, Darktrace instantly gives them the information and context they need, eliminating manual sleuthing to enable faster investigations."

Resilience at machine speed

Darktrace’s autonomous detection and response has dramatically fortified Artesia’s security posture. Over six months, Darktrace / NETWORK conducted more than13,000 autonomous investigations, detected and contained 1,141 behaviors indicative of an attack, and averaged a 24.1-second time to containment. That kind of speed is impossible to match manually.

Defending without disrupting care

Perhaps most importantly for Artesia, Darktrace enables precise, autonomous responses, containing threats before they can escalate. Instead of shutting down an entire network during a potential incident, the platform can isolate a single device or account. That means patient care continues uninterrupted, even when threats emerge.  

Building confidence through compliance

Darktrace’s clear reporting and analytics give Artesia’s leadership and compliance officers the visibility they need to demonstrate patient data protection. Beyond stopping threats, Darktrace provides assurance that the hospital’s systems and records remain secure –building trust across the organization and with regulators.

The future of AI in healthcare: Improving care, not replacing it  

With day-to-day cybersecurity operations stabilized, Jimenez and his team are focused on fine-tuning defenses and exploring how AI can support broader healthcare operations. “Darktrace gives us the breathing room to think about what's next, not just what's urgent.”  

Over the next few years, Artesia plans to expand AI to support broader healthcare operations – targeting cloud integration, API development, and interoperability as key areas of growth. But, at the heart of it all, however, Jimenez says technology should empower clinicians and staff so they can focus on what matters most.

“That’s the true promise of AI in healthcare. Not replacing people, but augmenting their efforts, so that every patient receives safe, timely, and uninterrupted care.”