A Quantified View of the Breach Likelihood of Molina Healthcare’s Business Critical Applications Storing PHI
CIO - Molina Healthcare
Accounting for 79% of all breaches till November 2020, the healthcare and healthcare insurance industry has been witnessing a heightened frequency of high-impact cyber-attacks. Healthcare enterprises typically maintain data repositories constituting not just financial information but also personal and clinical data. Molina Healthcare comprises a treasure trove of highly sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI) data for its 3.6 million customers. While Social Security numbers and credit card information usually sell for USD 1 to USD 110, medical records can be sold for up to USD 1000 in the underground marketplaces owing to the data’s utility in nefarious activities comprising identity theft and financial fraud.
Committed to securing Molina Healthcare’s IT environment, critical applications, and patient PII/PHI, based on recommendation from Molina’s service partner, Infosys, Amir brought in SAFE Security to conduct red teaming exercises to closely mimic a real hacker’s active and covert attack methods as part of due diligence. SAFE Security’s Red Team executed a real-world, “no-holds-barred” attack scenario on Molina Healthcare’s perimeter infrastructure to test the adequacy of its security tools/controls as well as detection and response capabilities of its Blue Team and Cyber Security team.
While the red teaming exercises helped unearth serious security loopholes that would not otherwise be detected with traditional penetration tests, Amir continued with his pursuit of a real-time, quantified view of resiliency of Molina’s hybrid tech stack.
The hassle of managing multiple spreadsheets, manually combining the assessment results, and tracking the progress in terms of what's being fixed and what's not, consumed painstaking long hours for my team spread across various cities. Thus, the possibility of quantifying the overall risk at technology level/asset level or a BU level was bleak.”
A continuous and clear visibility into the risk posture through dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications
“Getting a trending real-time view of risk and breach likelihood scores at application / asset / BU / enterprise level offered by SAFE Enterprise goes a long way in helping me chart Molina’s journey through security posture improvement. With this powerful risk view offered by SAFE coupled with unparalleled support extended by the Infosys team, I can now connect the dots and determine whether we have improved or gone down in terms of our security maturity for any chosen period.
SAFE Enterprise’s continuous assessment of the hardening level of our IT infrastructure can go a long way in enabling us to unearth the most critical gaps in our hybrid environment, which drastically reduces the probability of a cybersecurity breach.”
Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE
“In addition to SAFE’s 360° approach to dynamic, quantitative cyber risk management, with breach likelihood scores being generated across 5 threat vectors (people, policy, technology, cyber security products and third party), SAFE has made it possible to overcome the communication barrier between various internal stakeholders and the board.
High-velocity, rapidly evolving security risks may not always translate to any conventional metrics that executive management and board members typically are used to, thus creating a problematic disconnect among the on-ground SOC teams, executive leadership and the board. The introduction of SAFE has helped bridge the gap making it possible for all of these stakeholders to speak the same language - SAFE scores translating to the breach likelihood scores for people, policy and technology measured on a normalized, consistent scale of 0-5.”
Cyber Security Practice - Infosys
Molina Healthcare, Inc. a Fortune 200 company providing managed health care services. It has a 41-year history of supporting managed care populations serving 3.6 million members covered by government programs such as Medicare and Medicaid.
Healthcare: Insurance and Managed Care
20,000+ employees; heavily regulated (HIPAA, SOX, and PCI)
Benefits of SAFE Enterprise
- A continuous and clear visibility into the risk posture via dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications.
- Breach Likelihood Score per Employee, Hybrid Asset, LoB/Crown Jewels.
- Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE.
Infosys is a global leader in next-generation digital services and consulting. We enable clients in 46 countries to navigate their digital transformation. With four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change.
We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem. Visit www.infosys.com to see how Infosys (NYSE: INFY) can help your enterprise navigate your next.