{"id":19422,"date":"2026-03-24T10:15:41","date_gmt":"2026-03-24T10:15:41","guid":{"rendered":"\/cybersecurity-blog\/?p=19422"},"modified":"2026-03-24T10:15:42","modified_gmt":"2026-03-24T10:15:42","slug":"healthcare-success-story","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/","title":{"rendered":"Canada-Based\u00a0Organization\u00a0Health Shared Services\u00a0Accelerates\u00a0SOC\u00a0Investigations\u00a0with ANY.RUN\u00a0"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=healthcare-success-story&amp;utm_term=240326&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;spoke with the Interim CISO&nbsp;and&nbsp;Director of Cyber Operations at&nbsp;<strong>Health Shared Services<\/strong>,&nbsp;who provided&nbsp;insights into&nbsp;how their team&nbsp;addressed&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/soc-staff-shortage-burnout\/\" target=\"_blank\" rel=\"noreferrer noopener\">alert fatigue<\/a>, improved&nbsp;MTTD and MTTR, and strengthened&nbsp;their investigation workflow with ANY.RUN.&nbsp;<\/p>\n\n\n\n<p>In this new addition to our&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/soc-business-success-cases-anyrun\/#\" target=\"_blank\" rel=\"noreferrer noopener\">success story series<\/a>,&nbsp;we&nbsp;explore&nbsp;how the&nbsp;<a href=\"https:\/\/any.run\/by-industry\/healthcare\/\" target=\"_blank\" rel=\"noreferrer noopener\">healthcare<\/a>&nbsp;organization\u2019s&nbsp;SOC team&nbsp;improved detection, triage, and response efficiency while&nbsp;maintaining&nbsp;the existing operational processes.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Organization Overview&nbsp;<\/h2>\n\n\n\n<p><strong>Health Shared&nbsp;Services&nbsp;<\/strong>is a&nbsp;healthcare&nbsp;support organization&nbsp;based in&nbsp;Alberta, Canada.&nbsp;&nbsp;Its&nbsp;SOC team&nbsp;consists of 16 analysts&nbsp;with approximately 130,000 endpoints and 160,000 employees to secure.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key&nbsp;Challenge:&nbsp;Limited Threat Visibility During Investigations&nbsp;<\/h2>\n\n\n\n<p>For&nbsp;SOCs&nbsp;supporting large&nbsp;organizations,&nbsp;it\u2019s&nbsp;critical to recognize&nbsp;the time&nbsp;to&nbsp;scale&nbsp;to&nbsp;keep pace with growing infrastructure&nbsp;and&nbsp;current threat landscape.&nbsp;&nbsp;<\/p>\n\n\n\n<p>At Health Shared Services, the security team eventually traced several operational issues back to a single underlying limitation: their&nbsp;previous&nbsp;solution did not provide enough visibility into what suspicious files and URLs&nbsp;actually did&nbsp;after execution.&nbsp;<\/p>\n\n\n\n<p>Analysts often lacked the behavioral context needed to quickly understand whether a threat was real and how it could&nbsp;impact&nbsp;their environment.&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong><em>\u201cMissing critical pieces of information for executed samples reduced our time to investigate, which was frustrating and preventable.\u201d<\/em><\/strong>&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<p>Without detailed behavioral insights, faced several consequences:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Extended incident resolution time:\u00a0<\/strong>Limited threat context, e.g., lack of logs and information on executed payloads in\u00a0their\u00a0previous\u00a0solutions, increased MTTR, leaving the infrastructure more exposed to potential threats.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Limited time for proper investigation:\u00a0<\/strong>Missing critical pieces of information on analyzed samples also led to rushed decisions, leaving little room for deeper insights.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Team morale challenges:\u00a0<\/strong>Visibility gaps that could have been addressed with a more context-rich solution led to frustration and fatigue among SOC team members.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>That\u2019s&nbsp;why when Health Shared Services\u2019&nbsp;previous&nbsp;security&nbsp;solution expired, the&nbsp;team\u2019s&nbsp;leader&nbsp;took the opportunity to reassess their&nbsp;approach and&nbsp;look for a solution that could support their work&nbsp;better.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why&nbsp;Health Shared Services&nbsp;Chose&nbsp;ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>When searching for a new\u00a0security\u00a0solution, the organization\u2019s Interim CISO\u00a0considered several\u00a0key\u00a0factors:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Community reputation<\/strong>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost efficiency<\/strong>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Investigative capabilities<\/strong>\u00a0<\/li>\n<\/ul>\n\n\n\n<p>According to the security leader, ANY.RUN\u2019s Interactive Sandbox&nbsp;stood out in each of these areas.&nbsp;<\/p>\n\n\n\n<p>The solution&nbsp;is acknowledged and&nbsp;frequently&nbsp;recommended among cybersecurity experts,&nbsp;remains&nbsp;a&nbsp;reasonably priced&nbsp;option&nbsp;for enterprise teams, and&nbsp;provides&nbsp;unique capabilities not commonly offered by other solutions.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">Deeper visibility<\/span> drives <span class=\"highlight\">faster investigations.<\/span> <br>\nBuild a better SOC with ANY.RUN.\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=healthcare-success-story&#038;utm_term=240326&#038;utm_content=linktoenterprise#contact-sales\" rel=\"noopener\" target=\"_blank\">\nIntegrate ANY.RUN in your\u00a0SOC\u00a0\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>Decision-makers at the healthcare organization&nbsp;also viewed&nbsp;ANY.RUN\u2019s sandbox&nbsp;as more than a&nbsp;solution&nbsp;that simply&nbsp;facilitates&nbsp;malware analysis, but&nbsp;a driver for better metrics across SOC processes:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong><em>\u201cANY.RUN provided not only the fundamentals needed to complete our investigations but also improved our mean time to resolve incidents.\u201d<\/em><\/strong>&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">How Health Shared&nbsp;Services&nbsp;Implemented ANY.RUN\u2019s Sandbox&nbsp;<\/h2>\n\n\n\n<p>The organization\u2019s Interim CISO shared that&nbsp;when implementing ANY.RUN\u2019s solution,&nbsp;the team&nbsp;didn\u2019t&nbsp;need to redesign their core processes.&nbsp;Instead,&nbsp;the SOC refined&nbsp;their investigation cycle and&nbsp;reached&nbsp;better&nbsp;results without significant workflow changes.&nbsp;<\/p>\n\n\n\n<p>They saw&nbsp;improvements across several operational areas&nbsp;since adopting ANY.RUN:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Better detection:\u00a0<\/strong>detailed\u00a0threat data empowers\u00a0analysts to process incidents with higher accuracy.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stronger triage:\u00a0<\/strong>low false-positive rate (FPR)\u00a0makes\u00a0it easier and faster\u00a0to process alerts.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster\u00a0response:\u00a0<\/strong>efficient reporting and behavioral artifacts\u00a0support\u00a0more confident decisions.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>The Interim CISO noted that the&nbsp;solution&nbsp;also improved the team\u2019s ability to communicate investigation findings to leadership:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong><em>\u201cIt enhanced our team\u2019s time to complete investigations and aided us in providing specific details for executive questions.\u201d<\/em><\/strong>&nbsp;<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Performance Impact&nbsp;&nbsp;<\/h2>\n\n\n\n<p>By executing suspicious files in ANY.RUN and reviewing behavioral artifacts, analysts were able to gather the context that had previously been missing during investigations.&nbsp;<\/p>\n\n\n\n<p>From a leadership standpoint, the most important improvement has been the impact on SOC performance metrics and investigation confidence. For analysts, this looks like the ability to understand threats faster and deeper.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Key benefits\u00a0observed\u00a0by the SOC team<\/strong>\u00a0<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-285\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"3\"\n           data-rows=\"4\"\n           data-wpID=\"285\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Metric-based impact\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Operational benefits\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:33.333333333333%;                    padding:10px;\n                    \"\n                    >\n                                        Human-centric values\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Lower MTTD and MTTR\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0High-confidence decision-making\u00a0\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Reduced alert fatigue\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Higher alert closure rate\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Faster investigations\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0Intuitive and user-friendly interface\u00a0\u00a0\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Maintained SLA compliance\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0Transparent and structured reporting\u00a0\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        \u00a0Clear insights for analysts and leadership\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-285'>\ntable#wpdtSimpleTable-285{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-285 td, table.wpdtSimpleTable285 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p>Through these outcomes, the team was able to strengthen their ability to&nbsp;respond&nbsp;to security incidents effectively, covering all key challenges they had to face, from alert fatigue to high MTTR.&nbsp;&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;<strong><em>ANY.RUN has bettered our SOC\u2019s key metrics like MTTD and MTTR by providing a mature solution to sandboxing that is both well received by executives and the analysts.<\/em><\/strong>&#8221;\u00a0<\/p>\n<\/blockquote>\n\n\n\n<p>The organization continues to use ANY.RUN and plans to integrate our solutions with&nbsp;their&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/integrating-sandbox-into-soar-workflows\/\" target=\"_blank\" rel=\"noreferrer noopener\">SOAR platform<\/a>&nbsp;in the future.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nStrong SOC starts with confident decisions.<br>\nImprove your investigation cycle <span class=\"highlight\">across processes<\/span> today.\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=healthcare-success-story&#038;utm_term=240326&#038;utm_content=linktoenterprise#contact-sales\" rel=\"noopener\" target=\"_blank\">\nIntegrate into\u00a0your\u00a0SOC\u00a0<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>For Health Shared Services, adopting ANY.RUN strengthened their existing SOC operations without requiring major workflow changes.&nbsp;<\/p>\n\n\n\n<p>This case highlights how large enterprises across industries&nbsp;benefit&nbsp;from deep threat context, real-time behavioral insights, and efficient reporting ANY.RUN offers.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, integrates seamlessly into modern SOC operations. It supports investigations from triage to incident response, improving metrics like DR and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/soc-leaders-playbook-faster-mttr\/\" target=\"_blank\" rel=\"noreferrer noopener\">MTTR<\/a>.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=healthcare-success-story&amp;utm_term=240326&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>&nbsp;aids in deep threat behavior observation, while threat intelligence solutions&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=healthcare-success-story&amp;utm_term=240326&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=healthcare-success-story&amp;utm_term=240326&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>&nbsp;empower analysts with rich community-sources context.&nbsp;<\/p>\n\n\n\n<p>Over 600,000 SOC analysts across 15,000+ teams rely on ANY.RUN&#8217;s solutions.&nbsp;<a href=\"https:\/\/any.run\/compliance\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=healthcare-success-story&amp;utm_term=240326&amp;utm_content=linktocompliance\" target=\"_blank\" rel=\"noreferrer noopener\">SOC 2 Type II certification<\/a>&nbsp;allows&nbsp;us to protect customer data and&nbsp;maintain&nbsp;strong security controls.&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN&nbsp;spoke with the Interim CISO&nbsp;and&nbsp;Director of Cyber Operations at&nbsp;Health Shared Services,&nbsp;who provided&nbsp;insights into&nbsp;how their team&nbsp;addressed&nbsp;alert fatigue, improved&nbsp;MTTD and MTTR, and strengthened&nbsp;their investigation workflow with ANY.RUN.&nbsp; In this new addition to our&nbsp;success story series,&nbsp;we&nbsp;explore&nbsp;how the&nbsp;healthcare&nbsp;organization\u2019s&nbsp;SOC team&nbsp;improved detection, triage, and response efficiency while&nbsp;maintaining&nbsp;the existing operational processes.&nbsp; Organization Overview&nbsp; Health Shared&nbsp;Services&nbsp;is a&nbsp;healthcare&nbsp;support organization&nbsp;based in&nbsp;Alberta, Canada.&nbsp;&nbsp;Its&nbsp;SOC team&nbsp;consists of 16 [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":19427,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79],"tags":[57,10,34],"class_list":["post-19422","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-customer-success","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Health Shared Services Case: Stronger SOC with ANY.RUN<\/title>\n<meta name=\"description\" content=\"Insights into how Health Shared Services improved SOC investigations, reduced alert fatigue, and accelerated threat analysis with ANY.RUN.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"k.miroshkina\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\"},\"author\":{\"name\":\"k.miroshkina\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Canada-Based\u00a0Organization\u00a0Health Shared Services\u00a0Accelerates\u00a0SOC\u00a0Investigations\u00a0with ANY.RUN\u00a0\",\"datePublished\":\"2026-03-24T10:15:41+00:00\",\"dateModified\":\"2026-03-24T10:15:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\"},\"wordCount\":1062,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Customer Success Story\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\",\"name\":\"Health Shared Services Case: Stronger SOC with ANY.RUN\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2026-03-24T10:15:41+00:00\",\"dateModified\":\"2026-03-24T10:15:42+00:00\",\"description\":\"Insights into how Health Shared Services improved SOC investigations, reduced alert fatigue, and accelerated threat analysis with ANY.RUN.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Customer Success Story\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/customer-success\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Canada-Based\u00a0Organization\u00a0Health Shared Services\u00a0Accelerates\u00a0SOC\u00a0Investigations\u00a0with ANY.RUN\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"k.miroshkina\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/04f78f3bcaa3504ecd2216d029cf0fa4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/04f78f3bcaa3504ecd2216d029cf0fa4?s=96&d=mm&r=g\",\"caption\":\"k.miroshkina\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/k-miroshkina\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Health Shared Services Case: Stronger SOC with ANY.RUN","description":"Insights into how Health Shared Services improved SOC investigations, reduced alert fatigue, and accelerated threat analysis with ANY.RUN.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/","twitter_misc":{"Written by":"k.miroshkina","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/"},"author":{"name":"k.miroshkina","@id":"https:\/\/any.run\/"},"headline":"Canada-Based\u00a0Organization\u00a0Health Shared Services\u00a0Accelerates\u00a0SOC\u00a0Investigations\u00a0with ANY.RUN\u00a0","datePublished":"2026-03-24T10:15:41+00:00","dateModified":"2026-03-24T10:15:42+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/"},"wordCount":1062,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis"],"articleSection":["Customer Success Story"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/","url":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/","name":"Health Shared Services Case: Stronger SOC with ANY.RUN","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2026-03-24T10:15:41+00:00","dateModified":"2026-03-24T10:15:42+00:00","description":"Insights into how Health Shared Services improved SOC investigations, reduced alert fatigue, and accelerated threat analysis with ANY.RUN.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/healthcare-success-story\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Customer Success Story","item":"https:\/\/any.run\/cybersecurity-blog\/category\/customer-success\/"},{"@type":"ListItem","position":3,"name":"Canada-Based\u00a0Organization\u00a0Health Shared Services\u00a0Accelerates\u00a0SOC\u00a0Investigations\u00a0with ANY.RUN\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"k.miroshkina","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/04f78f3bcaa3504ecd2216d029cf0fa4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/04f78f3bcaa3504ecd2216d029cf0fa4?s=96&d=mm&r=g","caption":"k.miroshkina"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/k-miroshkina\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/19422"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=19422"}],"version-history":[{"count":11,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/19422\/revisions"}],"predecessor-version":[{"id":19435,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/19422\/revisions\/19435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/19427"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=19422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=19422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=19422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}