A Quantified View of the Breach Likelihood of Molina Healthcare’s Business Critical Applications Storing PHI

“Faced with the healthcare industry’s rigorous compliance requirements and the rising risks of cyber attacks, it became a top priority for me to get a real-time, data-backed and continuous view of exactly how secure are my critical applications storing, processing and managing PHI. SAFE Enterprise helped me achieve this.”
Amir P.Desai
CIO - Molina Healthcare

Overview

Accounting for 79% of all breaches till November 2020, the healthcare and healthcare insurance industry has been witnessing a heightened frequency of high-impact cyber-attacks. Healthcare enterprises typically maintain data repositories constituting not just financial information but also personal and clinical data. Molina Healthcare comprises a treasure trove of highly sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI) data for its 3.6 million customers. While Social Security numbers and credit card information usually sell for USD 1 to USD 110, medical records can be sold for up to USD 1000 in the underground marketplaces owing to the data’s utility in nefarious activities comprising identity theft and financial fraud.

Committed to securing Molina Healthcare’s IT environment, critical applications, and patient PII/PHI, Amir brought in SAFE Security to conduct red teaming exercises to closely mimic a real hacker’s active and covert attack methods as part of due diligence. SAFE Security’s Red Team executed a real-world, “no-holds-barred” attack scenario on Molina Healthcare’s perimeter infrastructure to test the adequacy of its security tools/controls as well as detection and response capabilities of its Blue Team and Cyber Security team.

While the red teaming exercises helped unearth serious security loopholes that would not otherwise be detected with traditional penetration tests, Amir continued with his pursuit of a real-time, quantified view of resiliency of Molina’s hybrid tech stack.

Challenges

01
Lack of a real-time quantified view of breach likelihood of critical application storing PHI
02
Managing multiple spreadsheets to gather risk posture updates was time-consuming, manually intensive, and yielded limited visibilty
Inclusive of Molina Healthcare’s acquired businesses, its operations span across multiple cities; hence measuring and monitoring the security posture of the underlying tech-stack brought its own set of challenges for Amir’s team.
“Prior to SAFE, we didn't have any centralized tool to monitor the security loopholes identified through configuration and vulnerability assessments, red teaming exercises, and security audits for compliance, for each technology stack across each of my Business Units and acquired businesses.

The hassle of managing multiple spreadsheets, manually combining the assessment results, and tracking the progress in terms of what's being fixed and what's not, consumed painstaking long hours for my team spread across various cities. Thus, the possibility of quantifying the overall risk at technology level/asset level or a BU level was bleak.”
Amir P.Desai
CIO - Molina Healthcare
molina healthcare case study
Solution
In its constant pursuit to fulfill the overwhelming demand of its 3.6 million members with agility and security, Molina continues to adopt state-of-the-art cybersecurity products and deploy emerging technologies. To effectively secure its environment and crown jewels (people, process, technology, and large volumes of PII, PHI), Amir decided to bring in SAFE, an enterprise-wide, unified, and real-time Digital Business Risk Quantification platform for Molina Healthcare’s hybrid environment.
SAFE aids Molina in identifying new misconfigurations in real-time, ingesting vulnerability assessment results via SAFE integrations available with multiple VA tools. The platform would in turn showcase a quantified and trending view of the breach likelihood scores for assets, BU, overall enterprise - whether they are improving or deteriorating on a real-time basis - All on one dashboard!

A continuous and clear visibility into the risk posture through dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications

“Getting a trending real-time view of risk and breach likelihood scores at application / asset / BU / enterprise level offered by SAFE Enterprise goes a long way in helping me chart Molina’s journey through security posture improvement. I can now connect the dots and determine whether we have improved or gone down in terms of our security maturity for any chosen period.

SAFE Enterprise’s continuous assessment of the hardening level of our IT infrastructure can go a long way in enabling us to unearth the most critical gaps in our hybrid environment, which drastically reduces the probability of a cybersecurity breach.”

Team at
Molina Healthcare

Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE

“In addition to SAFE’s 360° approach to dynamic, quantitative cyber risk management, with breach likelihood scores being generated across 5 threat vectors (people, policy, technology, cyber security products and third party), SAFE has made it possible to overcome the communication barrier between various internal stakeholders and the board.

High-velocity, rapidly evolving security risks may not always translate to any conventional metrics that executive management and board members typically are used to, thus creating a problematic disconnect among the on-ground SOC teams, executive leadership and the board. The introduction of SAFE has helped bridge the gap making it possible for all of these stakeholders to speak the same language - SAFE scores translating to the breach likelihood scores for people, policy and technology measured on a normalized, consistent scale of 0-5.”

Team at
Molina Healthcare

About Molina

Molina Healthcare, Inc. a Fortune 200 company providing managed health care services. It has a 41-year history of supporting managed care populations serving 3.6 million members covered by government programs such as Medicare and Medicaid.

Industry
Healthcare: Insurance and Managed Care

IT Environment
20,000+ employees; heavily regulated (HIPAA, SOX, and PCI)

Benefits of SAFE Enterprise

  • A continuous and clear visibility into the risk posture via dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications.
  • Breach Likelihood Score per Employee, Hybrid Asset, LoB/Crown Jewels.
  • Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE.

About Safe Security

Get Started with SAFE

Enterprises across all industries are rapidly transforming their businesses using SAFE Enterprise. Contact our experts and start your own SAFE Enterprise journey today.