A major U.S. health insurer partnered with Bryghtpath to put its executive leadership team through a cyber-extortion simulation, testing how its most senior leaders would make a high-stakes ransom decision while protecting members, meeting regulators, and engaging the board.
The Opportunity
A major U.S. health insurer needed to know whether its most senior leaders could make the hardest calls in a ransomware crisis. A real cyber-extortion event would force the executive team to weigh a ransom payment, member notification, regulatory obligations, and board engagement at speed, with member services and claims on the line.
The insurer engaged Bryghtpath to design, facilitate, and evaluate an executive-level tabletop exercise based on a realistic cyber-extortion scenario, extending an earlier crisis-team exercise to the executive leadership team.
Approach and Results
Bryghtpath built the exercise around a realistic cyber-extortion event: a well-known ransomware group encrypted the insurer’s core claims processing system and issued a $18 million ransom demand, which was negotiated down to $8 million through a third-party firm. The scenario advanced through discovery, containment, negotiation, and decision phases, extending an earlier crisis-team tabletop exercise to the executive leadership team so the organization could test the escalation from the crisis team to its most senior leaders.
In the session, the executive team made real-time decisions on whether to pay, how and when to notify members and regulators, when to engage the board, and how to manage public messaging, all while weighing the impact on claims, pharmacy, prior authorization, and provider payments. Outside counsel played their real-life role advising the executives throughout the exercise.
The team engaged deeply and reached a decisive outcome on the ransom question. The exercise also surfaced the highest-value next steps: a crisis communications playbook, a ransom-payment decision framework, and stronger executive access to business continuity impact data. Bryghtpath delivered a prioritized after-action report to guide them.
Key Activities
- Designed a cyber-extortion scenario built on a current, real-world ransomware threat group.
- Advanced the scenario through discovery, containment, ransom negotiation, and decision phases.
- Facilitated an executive tabletop on the pay/no-pay decision, member notification, and board engagement.
- Engaged advisors from communications, public affairs, information security, and resilience, with outside counsel.
- Evaluated the response and delivered an after-action report with prioritized recommendations.
Outcomes
- Gave senior executives realistic practice in making high-stakes ransom decisions under pressure.
- Tested escalation from the crisis management team to the executive leadership team.
- Validated strong executive engagement and decisive decision-making under uncertainty.
- Identified the need for a crisis communications playbook and a ransom-payment decision framework.
- Delivered a prioritized after-action report to mature executive crisis readiness.
We can help.
Let the experts at Bryghtpath put their decades of experience to work for your organization
Our team has the experience, tools, and partnerships to help your organization successfully navigate the rough waters ahead – and ensure your organization is prepared.