Case Studies

Red Flag & IT Due Diligence for Health Insurance Provider


A private equity client was considering an acquisition of a health insurance provider and administrator and wanted to identify and quantify any IT risks, in order to protect their investment, understand any additional IT investments needed, and capitalize on IT-enabled value creation opportunities.


FTI Cybersecurity interviewed and collected artifacts from executives and IT management to understand IT requirements and environment; assessed IT organization, applications, infrastructure, security, compliance, budget, and spend; assessed proprietary claim analysis and rating system, to determine capability, stability, security, compliance and scalability; and current IT managed services provider (MSP) services, capabilities, and contracts.


Our experts identified numerous cybersecurity vulnerabilities and PHI compliance issues, and red flags related to the MSP’s infrastructure platform and network connectivity selection, maintenance, and support. Our team prepared a remediation plan and after the red flag issues were addressed, the private equity firm acquired the target company.