Case Study: Healthfirst achieves AI-driven email security and halts a $500K BEC attack with Abnormal AI

Healthfirst Prioritizes Quality with AI Automation for Email Security

Healthfirst, New York State’s largest not-for-profit insurer, faced urgent email security challenges: protecting PHI, stopping sophisticated business email compromise (BEC) and reducing finance and security team time spent vetting invoice emails. To address these risks, Healthfirst piloted Abnormal AI’s email security offerings — including Inbound Email Security, Account Takeover Protection and the AI Security Mailbox — relying on Abnormal’s human-behavior AI and automation to identify anomalous messages missed by legacy tools.

Abnormal AI was deployed quickly and integrated with Healthfirst’s CrowdStrike and SOAR tooling to enrich alerts and automate triage. The solution detected a near‑successful BEC during the pilot, saving an estimated $500K, produced zero missed attacks or false positives in 30 days, flagged 123 high‑risk vendors, and reduced analyst workload by collapsing roughly a billion events a week into about 30–60 incidents for review.

Healthfirst

Brian Miller

Chief Information Security Officer