Wellstar Health System Secures Healthcare Data and Enables Confident Copilot Expansion with Opsin

Industry: Healthcare
Region: Georgia, US
Company Size: 40,000+

Healthcare Innovation Meets Data Security

Wellstar’s AI Adoption Challenge

Wellstar Health System, one of the largest non-profit healthcare providers in Georgia, faced a critical decision point. With a significant Microsoft Copilot Pro deployment expanding rapidly across management tiers, the organization needed to ensure that Protected Health Information (PHI) and other sensitive data remained secure as AI adoption accelerated.

As a healthcare provider committed to protecting patient information, Wellstar wanted to understand the exposure created by connecting AI tools to its data environment before proceeding with broader deployment.

Challenge

Rapid Copilot Adoption Highlighted Oversharing Vulnerabilities

As Wellstar’s Copilot usage grew, with active users performing tens of queries daily, the security team discovered concerning patterns. The AI tool was surfacing sensitive documents that users shouldn’t have had access to, highlighting long-standing governance challenges across Microsoft 365.

Key challenges included:

🔴 Healthcare Data Protection
Patient data potentially accessible to unauthorized personnel through Copilot queries

🔴 Widespread Oversharing
SharePoint sites containing sensitive financial, operational, and healthcare data

🔴 Insider Threat Exposure
Because of the oversharing challenges, Mike D’Arezzo, Wellstar’s Executive Director of Security, needed to understand whether specific individuals were more exposed and could become targets for a data breach

🔴 Regulatory Vulnerability
Potential violations of healthcare data governance requirements

“We suddenly had a significant expansion in active users ─ 2500+ users in fact. I needed to understand our risk exposure before this expanded further.”
Mike D’Arezzo, Executive Director of Security, Wellstar

Solution

Proactive Risk Assessment and Comprehensive Remediation with Opsin Security

Wellstar partnered with Opsin Security to conduct a comprehensive risk assessment before broader Copilot deployment. Opsin’s platform provided deep visibility into the Microsoft 365 environment, including SharePoint, Teams, and OneDrive, focusing specifically on what Copilot could access and how it might expose sensitive healthcare data.

Opsin enabled Wellstar to proactively secure their environment through:

➡️ Healthcare-Focused Risk Discovery
Opsin used various employee profiles to understand what could be exposed to each of these roles. The assessment identified exposure across different M365 services, including sensitive data that needed to be restricted to only the relevant individuals.

➡️ Comprehensive Remediation Workflows
Opsin delivered actionable remediation guidance that helped Wellstar’s GRC team systematically reduce overall exposure to sensitive data in Copilot while maintaining operational efficiency and patient care workflows.

➡️ Multi-Stakeholder Remediation
Opsin enabled Wellstar to distribute remediation tasks across IT, security, and business teams through clear, step-by-step workflows, preventing IT bottlenecks while maintaining centralized security oversight.

“Opsin gave us exactly what we needed ─ clear visibility into our risk exposure across the environment. Now we can confidently move forward with our broader Copilot deployment knowing we understand what we’re dealing with.”
Mike D’Arezzo, Executive Director of Security, Wellstar

Results

Secure AI Innovation at Healthcare Scale

With Opsin, Wellstar moved from uncertainty to confidence, securing critical healthcare data while enabling responsible AI adoption:

✅ Risk Visibility Achieved
Identified and prioritized the main security challenges around oversharing across the Microsoft 365 environment

✅ Healthcare Data Protection Strengthened
Reinforced the minimum necessary rule for health data access with guardrails

✅ Confidence to Increase Copilot Deployment
Planning to expand Copilot deployment while continuously monitoring and remediating oversharing beyond the risk assessment

✅ Operational Efficiency
Delegated remediation workflows reduced burden on central IT and security teams

Looking Forward

Leading Healthcare AI Innovation Responsibly

As Wellstar continues expanding its Copilot deployment, the foundation established with Opsin enables the organization to explore AI use cases confidently, without compromising patient privacy or regulatory compliance.

Wellstar is now partnering with Opsin to continuously monitor for oversharing and for abuse of Copilot in violation of its AI usage policy, while continuing to push AI adoption and innovation and maintaining its position as a leader in healthcare technology.
