OB Hospitalist Group: Quantifying Cyber Risk to Drive Clinical Confidence - Safe Security
Introducing AI Vendor Risk Management at Gartner Security & Risk Management Summit   –  Learn More
close-icon

OB Hospitalist Group: Quantifying Cyber Risk to Drive Clinical Confidence

quote Icon

“Before SAFE, our cyber risk conversations were based on subjective scores that didn't resonate with the business. Now, we use the FAIR model to translate technical vulnerabilities into actual financial impact. SAFE hasn't just automated our workflow; it’s empowered us to have more objective, value-driven conversations with our business owners about the risks we’re taking.”

John Phillips John Phillips

Director of Cybersecurity Services

Industry

Hospitals & Clinics

Geography

Americas

Size & Revenue

2,500+ employees

70% Reduction

vendor assessment time

10+ Hours Saved

per week

100% Visibility

tier-one vendor risk

The Challenges

  • Inefficient Manual Bottlenecks: The cybersecurity team spent hours weekly managing manual spreadsheets and questionnaires, with each assessment taking 4–6 hours to complete.
  • Subjective, Unreliable Scoring: Legacy tools provided scores that were perceived as subjective and lacked deep analysis into the actual financial impact of a breach.
  • Limited Visibility: Existing processes only covered a small fraction of vendors, leaving many systems unmonitored on a regular basis.
  • Communication Gap with Leadership: The cybersecurity team struggled to explain cyber risk to stakeholders in business-friendly, financial terms.Why SAFE? Decision Making, Budget Optimization, and FAIR at Scale

Metrics

  • 70% Reduction in vendor assessment cycle time
  • 10+ Hours Saved per week by automating manual questionnaires
  • 100% Visibility into tier-one vendor risk and financial loss magnitude

Turning Cyber Risk Into Business Decisions

OBHG evaluated several competitors, but chose SAFE for its superior ability to provide a unified cyber risk story. While other tools relied on outside-in scanning and control evidence, SAFE’s integration of the FAIR methodology was the primary factor in the decision. The team sought a solution that could quantify risk in dollars and cents, enabling the business to make defensible risk-informed investment decisions. SAFE stood out by offering a single, defensible “SAFE Score” that combines automated scanning with questionnaire evidence and compliance documentation, eliminating the need to normalize conflicting data.

 

“It’s already having an impact on our operation and our cyber risk presentation after just a month. It sends the right tone not only to our vendors, but to our other team members that we’re serious about cyber risk management and how we’re handling it. It’s making my life a lot easier.”

Zach Brown, IT GRC Analyst

Achieving Enterprise-Wide Risk Visibility

The moment of truth arrived when OBHG successfully transitioned its key vendors to the SAFE platform, immediately gaining visibility into the aggregate magnitude of their losses. By automating data collection, the cybersecurity team reduced the assessment cycle by 70%. Now, OBHG can present reports to the business that show exactly how much financial risk is associated with specific vendors and which controls will most effectively reduce that exposure. This shift has shifted accountability for risk from the security silo to broader business leadership.

The SAFE Solution

  • Automated End-to-End TPRM: Replaced manual intake and spreadsheets with a single platform for assessments, evidence gathering, and continuous monitoring.
  • FAIR-Based Risk Quantification: Utilizes detailed loss event scenarios and Monte Carlo simulations to model the potential financial impact of third-party breaches.
  • Unified Safe Score: Leverages a 0–5 score influenced by both outside-in scans and internal documentation, providing a holistic view of vendor maturity.
  • Strategic Reporting: Provides AI-generated summaries and customizable dashboards that highlight top control recommendations and return on investment for security spend.