HomeResources Case StudiesMolina Healthcare

A Quantified View of the Breach Likelihood of Molina Healthcare’s Business Critical Applications Storing PHI

Сase study

“Faced with the healthcare industry’s rigorous compliance requirements and the rising risks of cyber attacks, it became a top priority for me to get a real-time, data-backed and continuous view of exactly how secure are my critical applications storing, processing and managing PHI. SAFE Enterprise helped me achieve this.”
amir p.desai
Amir P.Desai
CIO - Molina Healthcare

Overview

Accounting for 79% of all breaches till November 2020, the healthcare and healthcare insurance industry has been witnessing a heightened frequency of high-impact cyber-attacks. Healthcare enterprises typically maintain data repositories constituting not just financial information but also personal and clinical data. Molina Healthcare comprises a treasure trove of highly sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI) data for its 3.6 million customers. While Social Security numbers and credit card information usually sell for USD 1 to USD 110, medical records can be sold for up to USD 1000 in the underground marketplaces owing to the data’s utility in nefarious activities comprising identity theft and financial fraud.

Committed to securing Molina Healthcare’s IT environment, critical applications, and patient PII/PHI, based on recommendation from Molina’s service partner, Infosys, Amir brought in SAFE Security to conduct red teaming exercises to closely mimic a real hacker’s active and covert attack methods as part of due diligence. SAFE Security’s Red Team executed a real-world, “no-holds-barred” attack scenario on Molina Healthcare’s perimeter infrastructure to test the adequacy of its security tools/controls as well as detection and response capabilities of its Blue Team and Cyber Security team.

While the red teaming exercises helped unearth serious security loopholes that would not otherwise be detected with traditional penetration tests, Amir continued with his pursuit of a real-time, quantified view of resiliency of Molina’s hybrid tech stack.

Challenges

01
Lack of a real-time quantified view of breach likelihood of critical applications storing PHI
02
Managing multiple spreadsheets to gather risk posture updates was time-consuming, manually intensive, and yielded limited visibility
Inclusive of Molina Healthcare’s acquired businesses, its operations span across multiple cities; hence measuring and monitoring the security posture of the underlying tech-stack brought its own set of challenges for Amir’s team.
“Prior to SAFE, we didn't have any centralized tool to monitor the security loopholes identified through configuration and vulnerability assessments, red teaming exercises, and security audits for compliance, for each technology stack across each of my Business Units and acquired businesses.

The hassle of managing multiple spreadsheets, manually combining the assessment results, and tracking the progress in terms of what's being fixed and what's not, consumed painstaking long hours for my team spread across various cities. Thus, the possibility of quantifying the overall risk at technology level/asset level or a BU level was bleak.”
Amir P.Desai
CIO - Molina Healthcare
molina healthcare case study
Solution
In its constant pursuit to fulfill the overwhelming demand of its 3.6 million members with agility and security, Molina continues to adopt state-of-the-art cybersecurity products and deploy emerging technologies. To effectively secure its environment and crown jewels (people, process, technology, and large volumes of PII, PHI), Amir decided to bring in SAFE, an enterprise-wide, unified, and real-time Digital Business Risk Quantification platform for Molina Healthcare’s hybrid environment. Having a renowned and trusted implementation partner as Infosys ensured that the on-ground SAFE execution was bound to be successful.
SAFE aids Molina in identifying new misconfigurations in real-time, ingesting vulnerability assessment results via SAFE integrations available with multiple VA tools. The platform would in turn showcase a quantified and trending view of the breach likelihood scores for assets, BU, overall enterprise - whether they are improving or deteriorating on a real-time basis - All on one dashboard!

A continuous and clear visibility into the risk posture through dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications

“Getting a trending real-time view of risk and breach likelihood scores at application / asset / BU / enterprise level offered by SAFE Enterprise goes a long way in helping me chart Molina’s journey through security posture improvement. With this powerful risk view offered by SAFE coupled with unparalleled support extended by the Infosys team, I can now connect the dots and determine whether we have improved or gone down in terms of our security maturity for any chosen period.

SAFE Enterprise’s continuous assessment of the hardening level of our IT infrastructure can go a long way in enabling us to unearth the most critical gaps in our hybrid environment, which drastically reduces the probability of a cybersecurity breach.”

Team at
Molina Healthcare

Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE

“In addition to SAFE’s 360° approach to dynamic, quantitative cyber risk management, with breach likelihood scores being generated across 5 threat vectors (people, policy, technology, cyber security products and third party), SAFE has made it possible to overcome the communication barrier between various internal stakeholders and the board.

High-velocity, rapidly evolving security risks may not always translate to any conventional metrics that executive management and board members typically are used to, thus creating a problematic disconnect among the on-ground SOC teams, executive leadership and the board. The introduction of SAFE has helped bridge the gap making it possible for all of these stakeholders to speak the same language - SAFE scores translating to the breach likelihood scores for people, policy and technology measured on a normalized, consistent scale of 0-5.”

Team at
Molina Healthcare
“We’ve found SAFE to be a robust Cyber Risk Quantification platform that accurately measures enterprise risk exposure. It provides transparency into the status of the risk posture quantified up to the last mile. We are confident that SAFE’s real-time, trending view of the security stature of enterprises will be well received by our customers worldwide.“
Vishal Salvi,
SVP, CISO and Global Head of
Cyber Security Practice - Infosys

About Molina

Molina Healthcare, Inc. a Fortune 200 company providing managed health care services. It has a 41-year history of supporting managed care populations serving 3.6 million members covered by government programs such as Medicare and Medicaid.

Industry
Healthcare: Insurance and Managed Care

IT Environment
20,000+ employees; heavily regulated (HIPAA, SOX, and PCI)

Benefits of SAFE Enterprise

  • A continuous and clear visibility into the risk posture via dynamic predictions of the breach likelihood (SAFE Score) for Molina’s business critical applications.
  • Breach Likelihood Score per Employee, Hybrid Asset, LoB/Crown Jewels.
  • Overcoming cybersecurity communication barrier by introducing a common vernacular through SAFE.

About Infosys

Infosys is a global leader in next-generation digital services and consulting. We enable clients in 46 countries to navigate their digital transformation. With four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change.

We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem. Visit www.infosys.com to see how Infosys (NYSE: INFY) can help your enterprise navigate your next.

About Safe Security

Know More

Get Started with SAFE

Enterprises across all industries are rapidly transforming their businesses using SAFE Enterprise. Contact our experts and start your own SAFE Enterprise journey today.
Contact Sales

Explore Other Case Studies

Explore More
SAFE Provides a Quantified Visibility into Tata Consumer Products’ Enterprise Risk PostureRead More Apollo Hospitals Bolsters its Enterprise-Wide Cybersecurity Risk and Compliance Management with SAFERead More Unlocking 360° Visibility for Royal Sundaram Through a Real-Time Quantified View of Cyber Risk Posture.Read More