Case Study: Nemours Children’s Health System achieves greater visibility and improved detection and response with Cymulate

Nemours Increases Visibility to Improve Detection and Response

Nemours Children’s Health System, led by CISO Jim Loveless, needed better visibility and fewer false-positive alerts to protect patient data and maintain continuous healthcare services against financially motivated threats like ransomware and e‑PHI theft. The security team required a way to evaluate defenses, prioritize remediation, and improve incident response, so they turned to Cymulate’s Breach and Attack Simulation (BAS) to test and validate their controls.

Using Cymulate’s BAS across multiple environments, Nemours immediately optimized its multi‑layer security architecture, practiced realistic incident response exercises, and prioritized fixes more effectively. A single policy change guided by Cymulate blocked roughly half of known exploit techniques and prevented 168 exploits from running on Nemours’ endpoints; the program also reduced false positives, improved remediation prioritization, and increased team productivity—demonstrating measurable gains in detection and response with Cymulate.

Nemours Children’s Health System

Jim Loveless

Chief Information Security Officer