Phishing Risk Assessment for Healthcare Payers

June 10, 2021  Jeff B. Copeland

The authoritative 2021 Verizon Data Breach Investigations Report (DBIR) found phishing in 36% of breaches in 2020, up 11 percentage points from the year before – and healthcare was on the front lines, as hackers and scammers moved to exploit the disruption of the COVID-19 crisis.

In 2020, one large health insurance organization fell victim to a multi-layer attack. It began with a phishing scam impersonating clients, which let the attackers plant malware on a corporate server and exfiltrate client and employee personal information, and it ended with the launch of ransomware.

As that incident shows, the phishing threat now covers a multitude of sophisticated tactics, including spoofed messages that appear to come from a senior executive inside the company or from a trusted vendor or client, with end games that may involve a persistent (APT-style) intrusion, ransomware, or gulling an employee into paying a fake invoice.

Once attackers gain a foothold through phishing, the game becomes more complicated: they move laterally through the network and, along the way, run into a wide variety of controls of varying strength.

Meeting the Phishing Challenge with Sophisticated Cyber Risk Analysis

A risk assessment for phishing scenarios at a healthcare payer requires equally sophisticated tactics. But many cybersecurity teams at payer organizations lack the methods or the tools to effectively prioritize their responses to this multi-front attack. They may be working from a compliance-centric model that recommends a menu of controls with simple “more is better” guidance.

RiskLens created the Cybersecurity Prioritization & Justification Solution for Healthcare Payers on the RiskLens platform to help CISOs work through to the most effective controls environment based on a thorough look at the organization’s security and business needs.

The solution features a guided workflow based on Factor Analysis of Information Risk (FAIR™), recommended by NIST for risk analysis and management, and generates analysis results quantified in dollars, so that security investment decisions rest on a solid basis of return on investment for risk reduction.

The RiskLens platform’s healthcare payer solution was designed with built-in, sector-specific capabilities to make quantified analysis of phishing/network foothold risk fast and easy, including:

Guided Workflow

The platform guides the analyst step by step, anticipating the requirements of a FAIR analysis. For instance, when you select a phishing/foothold analysis, a crown jewel asset containing PHI and PII is populated automatically, as that is the most likely end target.


Pre-populated Data Helpers and Loss Tables

Data Helpers and Loss Tables feed the analyses – users may take the time to collect internal data or go solely with the curated data from RiskLens, based on the Verizon DBIR and research by the RiskLens Data Science team. For instance, RiskLens has done the extensive research to have ready an estimate of how often a phishing foothold leads to a successful breach of a crown jewel database.

Analyzing Controls and Vulnerability/Susceptibility

RiskLens has carefully considered the efficacy of the controls likely to be in place to prevent lateral movement in a phishing/foothold scenario, and automatically works those estimates into the range of probable outcomes for the analysis.


The RiskLens platform generates analysis results showing risk as loss exposure in dollar terms and in a range of probable outcomes, to support informed discussion by decision-makers:

RiskLens Platform - Phishing ALE


Reporting can also compare mitigation options for risk reduction of phishing. 

RiskLens Platform - Compare Controls ROI
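The dollar-denominated range of outcomes and the controls comparison described above can be reproduced in miniature with a FAIR-style Monte Carlo. The block below is an added illustration, not RiskLens platform code: every calibration range in it (threat event frequency, susceptibility, loss magnitude, control costs) is a constructed assumption, not RiskLens or DBIR data. It models Loss Event Frequency as Threat Event Frequency times Vulnerability, draws a Loss Magnitude per event, and then compares two hypothetical control options against the baseline on both risk reduction and ROI.

```python
"""FAIR-style Monte Carlo for a phishing/foothold scenario.

Added example, not RiskLens code. All ranges below are constructed
for illustration (assumptions), not sector or DBIR data.
"""
import math
import random
from dataclasses import dataclass, replace


def pert(rng, low, mode, high, lam=4.0):
    """Draw from a (modified) PERT distribution, the min / most-likely / max
    shape commonly used in FAIR to capture calibrated estimates."""
    if high <= low:                       # degenerate range: value is fixed
        return low
    alpha = 1 + lam * (mode - low) / (high - low)
    beta = 1 + lam * (high - mode) / (high - low)
    return low + rng.betavariate(alpha, beta) * (high - low)


def poisson(rng, lam):
    """Knuth's method; adequate for the small annual rates used here."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


@dataclass(frozen=True)
class Scenario:
    """(min, most likely, max) calibration ranges for one loss scenario."""
    tef: tuple    # Threat Event Frequency: phishing footholds gained per year
    vuln: tuple   # Vulnerability: P(a foothold reaches the PHI/PII crown jewel)
    loss: tuple   # Loss Magnitude per breach, dollars (primary + secondary)
    control_cost: float = 0.0   # annual cost of the control this variant adds


def simulate(s, trials=20_000, seed=7):
    """Return ALE plus the 10th/50th/90th percentile and max annual loss."""
    rng = random.Random(seed)
    annual = []
    for _ in range(trials):
        tef = pert(rng, *s.tef)
        vuln = pert(rng, *s.vuln)
        events = poisson(rng, tef * vuln)            # Loss Event Frequency
        annual.append(sum(pert(rng, *s.loss) for _ in range(events)))
    annual.sort()
    n = len(annual)

    def pct(q):
        return annual[int(q * (n - 1))]

    return {"ale": sum(annual) / n, "p10": pct(0.10), "p50": pct(0.50),
            "p90": pct(0.90), "max": annual[-1]}


def compare(baseline, options, **kw):
    """Risk reduction and ROI of each control option versus the baseline."""
    base = simulate(baseline, **kw)
    out = {"baseline": base}
    for name, opt in options.items():
        r = simulate(opt, **kw)
        r["reduction"] = base["ale"] - r["ale"]
        r["roi"] = (r["reduction"] - opt.control_cost) / opt.control_cost
        out[name] = r
    return out


# Constructed ranges (assumptions, not measured data).
BASELINE = Scenario(tef=(2, 6, 15),
                    vuln=(0.05, 0.15, 0.40),
                    loss=(500_000, 3_000_000, 12_000_000))

# Option A: lateral-movement controls cut susceptibility.
# Option B: mail filtering plus awareness training cuts foothold frequency.
OPTIONS = {
    "segmentation_edr": replace(BASELINE, vuln=(0.01, 0.05, 0.15),
                                control_cost=400_000),
    "filtering_training": replace(BASELINE, tef=(1, 3, 8),
                                  control_cost=150_000),
}


if __name__ == "__main__":
    for name, r in compare(BASELINE, OPTIONS).items():
        line = (f"{name:20s} ALE ${r['ale']:>12,.0f}  "
                f"p10-p90 ${r['p10']:,.0f}-${r['p90']:,.0f}")
        if "roi" in r:
            line += f"  reduction ${r['reduction']:,.0f}  ROI {r['roi']:.1f}x"
        print(line)
```

Running it prints the baseline ALE and its p10-p90 band, then each option's ALE, risk reduction and ROI. With these constructed ranges the option that removes the most risk in absolute dollars (cutting susceptibility to lateral movement) is not the one with the highest ROI (the cheaper frequency-reducing control), which is exactly the trade-off a controls comparison report has to surface for decision-makers.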

The RiskLens Cybersecurity Prioritization & Justification Solution for Healthcare Payers empowers CISOs to

  • Address their organizations’ most significant business risks 
  • Ensure that their budgets are being deployed efficiently and effectively, and 
  • Communicate their priorities to stakeholders in the financial language of the business.

Contact us for a demo or to talk to a risk expert