PathFinder Group
Risk Management Consultants

Strategic Planning Case Study

Strategic Communications & Public Affairs



Industry: Healthcare

Problem: Cyber concerns include: lawsuits for privacy theft as a result of disclosure of protected healthcare information, physical injury to patients as a result of administrative errors in managing the network or other technology failure, first party loss of revenue and related extra expenses as a result of a network or system failure, cyber extortion, and third-party liability for errors & omissions in providing IT-related services. Our client assumes these risks are covered under traditional insurance and feels it has implemented technological safeguards to adequately protect it. Our client is uncertain if it has uncovered many of its cyber-related risks and is unaware of the various methods to protect against the financial impact of these risks.



  • Risk identification and risk mapping session to identify key risks, map the risks according to likelihood and financial impact and develop a solution for each risk.
  • Conduct a coverage gap analysis because most traditional policies do not cover theses risks. Review current policies and determine where coverage is lacking and work with our client and its insurance agent to obtain appropriate coverage or fund for the loss.
  • Reviews IT vendor contracts to look for specific coverages and specific limits of liability as well as the indemnification wording.



Individual privacy and protection of personal data are two of the most important concerns for organizations in today’s competitive market. Combine these issues with changes in health care; and cyber risk becomes one of the most critical areas for the risk management team. The financial impact of cyber-related losses in the health care industry can devastate an organization. Recently, a health care organization had a computer bag stolen exposing patient information. The loss amount exceeded $7,000,000.

Through risk identification and risk mapping, PathFinder successfully identifies cyber-related risks and map them according to likelihood and financial impact. We address methods of handling each risk whether through risk transfer, implementing risk control strategies or accruing for self-funded losses.

Through coverage gap analysis – we uncover several areas of the organization’s cyber-related risks that are not insured. Our client obtains appropriate insurance or funds for self-insured losses for:

  • Privacy liability arising from unauthorized disclosure or loss of private information.

  • Network liability arising from the interruption of systems or other damage caused by damage to your computer programs or data that results from a computer attack or unauthorized access or use of a system or a simple mistake by your authorized personnel in the administration of your computer system.

  • Business Income Loss – earnings loss and/or extra expense as a result of non-physical events such as a hacker attack or a virus.

  • Restoration costs.

  • Public Relations expenses.

  • Investigative expenses.

  • Notification costs.

By reviewing and making changes to the vendor contracts, our client reduces their exposure to third party errors and omissions.


  1. Agent lead-time for quality feedback reduced from 8 days to 24 hours
  2. Offline work consolidated to a dedicated team
  3. Identified an annual savings of $1.8 million in overtime and an additional $1.3 million in excess staffing expense

Some of Our Past Clients