Assessing the Risk of a Ransomware Attack on a Healthcare Payer with the RiskLens Risk Quantification Platform

April 22, 2021  Jeff B. Copeland

By some estimates, 2020 was the worst year on record for ransomware attacks on the healthcare industry and the trend continues in 2021 -- 1.3 million patient records were stolen from healthcare payer Centene subsidiaries through a third-party vendor and held for extortion by the FIN11 and Clop ransomware gangs.

Ransomware is particularly destructive for health insurance companies because it locks out employees and patients from urgent communication, puts payers at risk for legal and regulatory action, and threatens ‘digital transformation’ initiatives in healthcare going forward – earlier this year, the University of Vermont Health Network had to postpone its EHR program as it continues to clean up the effects of a ransomware attack from months before.  

The ransomware wave puts extra pressure on healthcare payer CISOs to prioritize spending to effectively mitigate ransomware risk while maintaining adequate defenses against the other ongoing demands of cybersecurity. 

With the RiskLens Cybersecurity Prioritization & Justification for Healthcare Payers solution, payer CISOs get the decision support they need to run a targeted, risk-based strategy against ransomware based on cyber risk quantification that frames technical choices in business terms of cost vs benefit.  

Get a close-up look at the RiskLens Cybersecurity Prioritization & Justification Solution for Healthcare Payers – schedule a demo.   

The solution comes out of the box with a workflow ready for analysis covering ransomware, PHI data breach and other loss events top-of-mind for healthcare payers, fed by curated, sector-specific data. The solution runs on the RiskLens platform, the only SaaS application custom-built to enable cyber risk quantification with the FAIR™ standard.

Here’s a look at how Healthcare Payer Prioritization & Justification handles a ransomware risk assessment: 

A flexible analysis capability captures the full scope of the ransomware threat. Ransomware is a double problem to be unpacked: Availability (outage of network shared drives and the business processes that depend on them) and Confidentiality (under HIPAA, HHS guidance treats ransomware encryption of PHI as a presumed breach unless the covered entity can show a low probability that the data was compromised). The platform analyzes the two as separate risk scenarios, then aggregates the results into a single risk assessment that shows the total financial implications of ransomware for the business.

Assisted data-gathering in a guided workflow. The RiskLens quantitative risk analysis platform is a guided experience that prompts the user at every step of data gathering and input for FAIR analysis. Provided through the platform are Data Helpers and loss tables pre-populated with healthcare payer specific data that are customizable with your own data.  All of this simplifies and speeds up analysis.

[Screenshot: RiskLens Platform - Workshop Questions]

Granularity ensures best possible analysis results. The Healthcare Payer solution has been carefully thought through to elicit the most relevant data for a ransomware analysis.  

For instance, to answer the question “What’s the probability of a ransomware attack?”, we know that ransomware typically gains a foothold via phishing, so data points from a Data Helper that go in our estimation include known phishing emails received per year, click rate, and anti-virus or other controls in place.  

It’s a similar experience to estimate the strength of controls in place with another Data Helper: how effective is your set of controls at blocking attacks, based on industry norms? In FAIR terms this is the estimate of Vulnerability, the probability that a threat event becomes a loss event.

Reporting that business leaders can understand. The RiskLens platform generates analysis results showing risk as loss exposure in dollar terms. Results are also displayed in a range that gives decision makers the option to choose their level of risk tolerance.  

[Figure: Loss Exceedance Curve - Endpoint Vulnerabilities]

Reporting not only shows overall risk but reveals the key drivers of risk to offer direct guidance on risk reduction possibilities – for instance, the cost vs benefit to encrypt data or reduce the amount of data in a particular system to protect against ransomware attack.  

Once reports are run, they are easily tweaked to make alternate scenarios for rapid decision support, for instance, to analyze paying or not paying a ransom.  And our services team partners with every client to integrate the outputs of our solution with existing reporting.
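As an added illustration (not RiskLens code and not the platform's actual model), here is a stdlib-only Python Monte Carlo that walks through the FAIR arithmetic the sections above describe: loss event frequency from phishing volume, click rate and control efficacy; a per-event loss range; two scenarios (Availability and Confidentiality) aggregated into one annual loss distribution; a loss exceedance curve with a percentile a decision maker can read as risk tolerance; and a cost-vs-benefit comparison of an alternate scenario. Every parameter below is constructed for the example, the two scenarios are treated as independent (a simplification), and the names `Scenario`, `poisson`, `simulate_annual_losses` and the rest are this example's own, not the platform's.

```python
"""Illustrative FAIR-style Monte Carlo for a ransomware risk assessment.

Added example, standard library only. All inputs are constructed; they are
not payer data and not the RiskLens platform's model.
"""
import math
import random
from dataclasses import dataclass, replace
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class Scenario:
    """One FAIR loss scenario, e.g. ransomware Availability or Confidentiality."""
    name: str
    phishing_emails_per_year: float  # phishing emails reaching inboxes (assumed)
    click_rate: float                # fraction of those a user clicks (assumed)
    control_efficacy: float          # fraction of clicks AV/EDR/filtering stop (assumed)
    loss_min: float                  # per-event loss magnitude range in USD (assumed)
    loss_most_likely: float
    loss_max: float

    def threat_event_frequency(self) -> float:
        """TEF: phishing emails that are actually clicked per year."""
        return self.phishing_emails_per_year * self.click_rate

    def vulnerability(self) -> float:
        """FAIR Vulnerability: probability a threat event becomes a loss event."""
        return 1.0 - self.control_efficacy

    def loss_event_frequency(self) -> float:
        """LEF = TEF x Vulnerability: expected ransomware loss events per year."""
        return self.threat_event_frequency() * self.vulnerability()


def poisson(rng: random.Random, lam: float) -> int:
    """Number of loss events in one year (Knuth's method, fine for small lam)."""
    if lam <= 0:
        return 0
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(scenarios: Sequence[Scenario], years: int = 20000,
                           seed: int = 7) -> List[float]:
    """Simulate `years` independent years; each year sums every scenario's event losses.
    Per-event loss is drawn from a triangular (min, most likely, max) distribution."""
    rng = random.Random(seed)
    annual = []
    for _ in range(years):
        total = 0.0
        for s in scenarios:
            for _ in range(poisson(rng, s.loss_event_frequency())):
                total += rng.triangular(s.loss_min, s.loss_max, s.loss_most_likely)
        annual.append(total)
    return annual


def annualized_loss_expectation(annual: Sequence[float]) -> float:
    """ALE: mean annual loss across simulated years."""
    return sum(annual) / len(annual)


def loss_exceedance(annual: Sequence[float], thresholds: Sequence[float]) -> Dict[float, float]:
    """P(annual loss > threshold) for each threshold: the loss exceedance curve."""
    n = len(annual)
    return {t: sum(1 for x in annual if x > t) / n for t in thresholds}


def percentile(annual: Sequence[float], p: float) -> float:
    """Loss not exceeded in fraction p of years (p=0.9 reads as 'worst 1-in-10 year')."""
    ordered = sorted(annual)
    return ordered[min(len(ordered) - 1, int(p * len(ordered)))]


def control_net_benefit(before: Sequence[Scenario], after: Sequence[Scenario],
                        annual_control_cost: float, years: int = 20000, seed: int = 7) -> float:
    """Cost vs benefit of a change: ALE reduction minus the control's annual cost."""
    reduction = (annualized_loss_expectation(simulate_annual_losses(before, years, seed))
                 - annualized_loss_expectation(simulate_annual_losses(after, years, seed)))
    return reduction - annual_control_cost


# Constructed inputs: Availability (shared-drive outage) and Confidentiality
# (encrypted PHI treated as a presumed breach), aggregated into one assessment.
AVAILABILITY = Scenario("ransomware / availability", 5000, 0.03, 0.995,
                        200_000, 1_000_000, 5_000_000)
CONFIDENTIALITY = Scenario("ransomware / confidentiality", 5000, 0.03, 0.998,
                           500_000, 3_000_000, 20_000_000)
BASELINE = (AVAILABILITY, CONFIDENTIALITY)
# Alternate scenario: stronger mail filtering / endpoint controls (assumed efficacy gains).
HARDENED = (replace(AVAILABILITY, control_efficacy=0.9975),
            replace(CONFIDENTIALITY, control_efficacy=0.999))

if __name__ == "__main__":
    losses = simulate_annual_losses(BASELINE)
    print(f"ALE: ${annualized_loss_expectation(losses):,.0f}")
    for t, p in loss_exceedance(losses, [1e6, 5e6, 10e6, 25e6]).items():
        print(f"P(annual loss > ${t:,.0f}) = {p:.1%}")
    print(f"90th-percentile year: ${percentile(losses, 0.9):,.0f}")
    print(f"Net benefit of hardening at $250k/yr: "
          f"${control_net_benefit(BASELINE, HARDENED, 250_000):,.0f}")
```

The same mechanism covers the pay-or-not-pay question: build a second scenario tuple with the loss ranges a ransom payment would imply (payment plus residual outage versus a longer rebuild) and compare ALE and the exceedance curve against the baseline, as `control_net_benefit` does for a control.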

Learn more about the RiskLens Prioritization and Justification Solution for Healthcare Payers