Carlos Branco – Matrix Medical Network

During in-home health care visits, nurses typically provide health assessments, check vitals and run basic tests.

Sometimes, though, emergencies happen. For example, vitals could show rapidly dropping oxygen levels—something that would require an immediate trip to the emergency room. While a nurse could call 911, it often takes too long to connect with a dispatcher in rural areas.

That’s why Matrix Medical Network started using AlertGPS Mobile Safety in August 2022. The app, which is installed on nurses’ tablets and cell phones, dispatches emergency services directly, meaning help can arrive sooner. According to AlertGPS, the company that makes the safety app, nurses are connected to dispatchers within seconds.

Carlos Branco | Chief Information Security Officer | Matrix Medical Network

“We do over 720,000 home visits per year and less than 1 percent result in safety incidents,” says Carlos Branco, Matrix Medical Network’s chief information security officer. “But when those incidents do occur, we want to give our clinicians and patients the most expedited assistance possible.”

Matrix Medical Network, headquartered in Scottsdale, Arizona, provides in-home and telehealth nursing services nationwide. The goal is to increase access to health care services for at-risk patients by meeting them where they are. The organization employs over 3,000 nurse clinicians.

“They’re an incredible and resilient workforce and I’m very proud to work with them,” Branco says. “We have a converged security program, so my role entails protecting their physical safety in addition to the traditional CISO responsibilities related to cybersecurity.”

Safety first

According to Branco, clinicians can press the AlertGPS “SOS” dispatch button if a patient or someone else in the home is being violent, threatening or otherwise making the clinician uncomfortable. Managers can use the app to see where clinicians are.

For example, say a clinician isn’t answering calls or responding to messages. The manager can check if the clinician has been in a patient’s home for too long or has moved to an unscheduled location.

Clinicians can also use the app’s companion mode while walking alone in the dark or through an unsafe neighborhood. It connects to an AlertGPS representative in real time, like a phone call, so clinicians can ask for dispatch if needed. Also, if the representative hears something suspicious and can’t confirm a clinician’s safety, police will be dispatched.

“It allows for much better visibility in the field and allows us to continuously improve safety for our clinicians,” Branco says, adding that the app has aided recruitment. “And we encourage them to use companion mode any time they feel unsafe, even if they’re not at work.”

He says the push for increased safety measures came from Matrix Medical Network’s CEO, Catherine Tabaka, as the company expanded in-home visits in 2022 after pausing during the COVID-19 pandemic. Branco says AlertGPS was able to set up accounts and train all 3,000 clinicians, plus managers, within a month.

“AlertGPS was a great partner in this,” he says. “As a CISO, I’m always looking for ease in rolling out new software, and they delivered.”

Adaptable security

In addition to increasing physical safety measures, much of Branco’s time is focused on protecting data. For instance, when the COVID-19 pandemic started and Matrix Medical Network began offering telehealth, he ensured the platform was encrypted and complied with the Health Insurance Portability and Accountability Act.

During the early days of the pandemic, the company also expanded into commercial services by doing on-site COVID testing for corporations; it’s since stopped offering these services.

Matrix Medical Network first conducted testing at food processing companies that had federal mandates to continue operating, including Tyson Foods and Smithfield Foods. It then worked with media companies, such as Disney and ESPN. Branco and his team worked with the IT teams at these companies to securely share information and review cybersecurity measures.

More recently, the team has been securing data in the cloud. They moved the company to Microsoft Azure in January 2022 and Branco expects to have data centers migrated there in 2024.

“Traditionally we’ve had an on-premise data center because of regulations, specifically HIPAA, so we’ve been cautious about adopting cloud technology,” he says. “But under the leadership of Tom Catchings, who’s the CIO, we’ve really been able to accelerate cloud adoption in a way that’s more secure.”

The team has also implemented a 24/7 security operations center, partnering with Rapid7’s Managed Detection and Response service. Previously, if Matrix Medical Network was hacked in the middle of the night, an alert would be sent to an off-duty analyst. Now, automated AI response provides immediate defensive capabilities, he says.

“It’s a real indication of how much this organization values the safety and privacy of our patients with how seriously they’ve taken these initiatives,” Branco says.

Cyber career

Branco has worked in cybersecurity for over 25 years and while he’s worked for health insurance companies before, Matrix Medical Network is the first national health care organization he’s been with . He started in April 2020.

“If I can play a role in helping those who are helping serve the needs of others, then I’m happy,” he says.

Prior to Matrix Medical Network, Branco spent a year as vice president of information security at Webster Bank, based in Connecticut. Before that, he directed cybersecurity operations at MassMutual in Springfield, Massachusetts, and then at ConnectiCare. He also oversaw information security architecture at Eversource Energy and United Rentals, both in his home state of Connecticut.

Branco, who has a bachelor’s degree in human relations with a minor in office information systems from Pace University, doesn’t just have cybersecurity certifications—he helped develop the standards for them. He was a contributing author for the National Institute of Standards and Technology standards on smart grid cybersecurity (NISTIR 7628) and was a subject matter expert for the original (ISC)2 Information Systems Security Architecture Professional exam.

He has also served as president of Connecticut’s chapter of the Information Systems Security Association.

“I love cybersecurity and how it’s constantly mushrooming,” Branco says. “It’s not the same now as it was last year, and it won’t be the same next year. We’re doing things that were previously unimaginable and I’m excited to see what’s next.”