
Reducing Cyber Insurance Premiums for a 1,400-Employee Hospital System

How NorthStar implemented the cybersecurity controls that satisfied carrier requirements and reduced premiums for a long-term care and critical access hospital.

The Client

A 1,400-employee hospital system operating both long-term care and critical access facilities. The organization was facing significant cyber insurance premium increases at renewal and needed to demonstrate improved security posture to satisfy carrier underwriting requirements.

The Challenge

  • Cyber insurance premiums were increasing significantly at each renewal cycle
  • Carrier underwriting questionnaires revealed gaps in the organization's security controls
  • 1,400 employees across multiple facilities created a large attack surface
  • Long-term care and critical access environments have different operational constraints
  • The organization needed to demonstrate measurable security improvements to the carrier before renewal

What NorthStar Did

  • Assessed the organization's current security posture against carrier underwriting requirements
  • Identified the specific control gaps causing premium increases and coverage concerns
  • Deployed multi-factor authentication across all systems accessing patient data
  • Implemented endpoint detection and response (EDR) on all 1,400+ endpoints
  • Established tested backup procedures with verified offline copies
  • Documented incident response plan and conducted tabletop exercises
  • Rolled out security awareness training with phishing simulations across all staff
  • Prepared carrier-ready documentation demonstrating control implementation

Results

  • Reduced premiums
  • 1,400 employees protected
  • Met carrier requirements
  • Renewed coverage

The Full Story

Cyber insurance carriers have been tightening underwriting requirements every year since 2021. Organizations that cannot demonstrate specific security controls face premium increases, coverage exclusions, or outright denial. For a 1,400-employee hospital system operating both long-term care and critical access facilities, the financial impact of those premium increases was becoming a serious budget concern.

The organization's carrier had flagged several control gaps during the renewal process. The underwriting questionnaire asked specific technical questions about MFA deployment, endpoint protection, backup testing, incident response planning, and employee training. Where the answers were "no" or "partial," premiums went up.

NorthStar started by mapping the carrier's requirements against the organization's actual security posture. This was not a theoretical exercise. We reviewed the underwriting questionnaire line by line, tested the existing controls, and identified exactly where the gaps were. Some were technical (MFA was not deployed on all systems accessing ePHI). Some were procedural (the incident response plan existed on paper but had never been tested). Some were documentation gaps (backup tests were happening but not being logged in a format the carrier could verify).

We then implemented the controls systematically. MFA was deployed across every system that accessed patient data or financial information. Endpoint detection and response was rolled out to all 1,400+ endpoints across both the long-term care and critical access facilities, with monitoring centralized through NorthStar's security operations. Backup procedures were restructured to include offline copies with regular verified restore tests, and every test was documented.

The incident response plan was updated, and we conducted a tabletop exercise with hospital leadership to walk through a ransomware scenario from detection through recovery and notification. Security awareness training was rolled out to all 1,400 employees, including phishing simulations tailored to healthcare-specific social engineering attacks.

When the organization went back to the carrier with updated underwriting responses, every question that had previously been a "no" or "partial" was now a documented "yes" with evidence. The result was a meaningful premium reduction and renewed coverage without exclusions.

More importantly, the controls we implemented to satisfy the carrier are the same controls that satisfy HIPAA Security Rule requirements. The organization did not just reduce insurance costs; it built a security program that makes it demonstrably more resilient to the attacks that drive those costs in the first place.

About the author

Ken Satkunam, CISM

President & Founder, NorthStar Technology Group

Ken has spent over 25 years in IT leadership, serving in roles from technical support to CIO for organizations as large as 23,000 employees. He founded NorthStar Technology Group in 2000 to help regulated organizations build secure, compliant, and operationally resilient technology environments. Ken holds the Certified Information Security Manager (CISM) credential from ISACA and is the co-author of the Amazon best-seller "Cyber Attack Prevention." He has been quoted in industry publications including eWeek and DM News, and NorthStar has been recognized on the Inc. 5000 list in both 2024 and 2025.

CISM · Inc. 5000 · MSP 500 · Published Author · 25+ Years
