A multi-day immersive complex cybersecurity simulation exercised real-time decision-making, executive engagement, and third-party coordination across a major U.S. healthcare technology organization.
The Opportunity
A major U.S.-based healthcare technology organization engaged Bryghtpath to design and facilitate a high-fidelity cyber extortion crisis simulation. With newly updated crisis and cybersecurity incident response plans in place, the client wanted to validate its ability to respond under pressure, escalate effectively to executive leadership, and integrate third-party partners into a coordinated, real-time response.
The organization sought a realistic exercise experience that mirrored the intensity, ambiguity, and cross-functional demands of an actual cyber extortion incident.
Approach and Results
Bryghtpath led a three-month planning effort, beginning with goal-setting and technical consultation to ensure scenario credibility for this complex cybersecurity simulation.
The final scenario featured a fictional ransomware and cyber extortion group—AnomalyUnit-9—loosely inspired by the real-world Karakurt threat actor. The group claimed to have stolen over 100GB of sensitive data, including PHI, employee records, and financial information, threatening to publicly leak and auction the data.
Over 2.5 days, more than sixty participants engaged in a live, immersive exercise conducted entirely in real-time. Communications, cybersecurity, human resources, operational, and other injects were delivered via the same channels used in actual incidents—email, SMS, Microsoft Teams, voice mails, and phone calls—creating operational friction and realism. Actual methods employed by the real-life Karakurt threat actor were employed throughout the exercise, including double extortion techniques and simulated contact with customers, employees, and PHI subjects.
Bryghtpath facilitated the exercise entirely from behind the scenes, adjusting injects dynamically based on team actions and decisions. A concluding hot wash and a comprehensive post-exercise survey immediately captured participant feedback to inform after-action planning.
Key Activities
- Conducted detailed planning sessions with compliance, legal, information security, and crisis communications teams
- Developed a technically sound, reputationally charged cyber extortion scenario
- Delivered more than 40 customized injects across multiple platforms and communication modes
- Simulated press releases, stakeholder calls, media coverage, and influencer engagement
- Introduced complexity through social media videos, angry stakeholder calls, inbox flooding, and off-hours messaging
- Provided injects into multiple full crisis management team meetings over the 2.5-day period
- Escalated decisions to the Executive Leadership Team for real-time briefings and approvals
- Coordinated involvement of third-party legal counsel, crisis communications advisors, and a cyber extortion negotiation/intelligence firm
Outcomes
The exercise challenged participants to manage incomplete and conflicting information while maintaining response cadence and stakeholder confidence.
Key outcomes included:
- Strengthened coordination across technical, legal, and communications teams
- Demonstrated ability to escalate decisions to senior leadership in real-time
- Validated integration points with external legal, communications, and negotiation partners
- Reinforced the organization’s ability to operate under pressure across time zones and communication channels
- Identified areas of improvement related to decision ownership, messaging consistency, and playbook execution
- Informed future updates to the client’s crisis management and cybersecurity response frameworks
Following the exercise, Bryghtpath delivered a detailed after-action report and facilitated an executive-level debrief, providing concrete recommendations and next steps to further strengthen the organization’s resilience.
What our Partners Said
“This complex cybersecurity simulation was the closest thing to a real-life incident I have experienced.”
– Third-Party Participant
Download a PDF copy of this Case Study
We can help.
Let the experts at Bryghtpath put their decades of experience to work for your organization
We’ve designed, facilitated, and evaluated exercises for
Fortune 500 organizations around the world.
Our team has the experience, tools, and partnerships to help your organization successfully navigate the rough waters ahead – and ensure your organization is prepared.