Case Study: Healthcare Provider quantifies IT hygiene risk with RiskLens

A RiskLens Case Study

Preview of the Healthcare Provider Case Study

Healthcare Provider Assesses Risk Associated with IT Hygiene

Healthcare Provider partnered with RiskLens to understand how much risk was associated with its IT hygiene across internal systems, including databases, servers, and workstations. The organization wanted to quantify confidentiality and availability risk from both malicious and non-malicious threats, including cyber criminals, general hackers, and privileged insiders, and determine how that risk was distributed across asset types and actors.

Using RiskLens and the FAIR model, the healthcare provider assessed configuration and vulnerability management issues, estimated threat event frequency, and quantified primary and secondary losses such as incident response, notifications, regulatory actions, litigation, customer service, and reputational impact. RiskLens found the current annualized loss exposure was $14.5M on average, with a range of $3.2M to $45.0M, and showed that 60% of the risk was tied to confidentiality and 40% to availability. The analysis also identified generic databases, workstations, and generic servers as key concentrations of risk, helping the CIO/CISO prioritize next steps and plan biannual reviews to track risk reduction.

