Avalere Health

Sentara Health is a not-for-profit integrated healthcare system that's been serving communities for more than 125 years. What started in 1888 as a small hospital in Norfolk has grown into a network of over 300 sites of care across Virginia, North Carolina, and Florida. We operate 12 hospitals, and our team includes more than 1,600 physicians and advanced practice providers who complete over 2.8 million patient visits each year. Our mission is straightforward: we improve health every day. We're proud to be recognized as one of the nation's top health systems - IBM Watson Health named us among the "Top 15 Healthcare Systems," and we've consistently ranked at the top of U.S. News & World Report's best hospitals for over 18 years running. Eight of our hospitals have achieved Magnet Recognition Program® designation, the highest quality credential for nursing, awarded to fewer than 8% of hospitals nationwide. We combine state-of-the-art technology with expert multidisciplinary care teams to deliver quality outcomes, while constantly innovating to create new methods of care and measure our effectiveness.

Versant Health operates vision benefits administration for over 35 million members nationwide through its Davis Vision and Superior Vision brands, handling claims processing, provider credentialing, and eyewear fulfillment at scale. The company processes member data across commercial insurance clients and government programs including Medicaid, Medicare Advantage, and CHIP - making it a critical node in healthcare infrastructure with regulatory obligations spanning HIPAA, HITRUST, PCI, and SOC compliance frameworks. As a MetLife subsidiary since 2021, it sits at the intersection of legacy health systems and enterprise financial services architecture. The threat surface is substantial: protected health information for tens of millions of members flows through systems managing clinical review processes, automated manufacturing operations in their eyewear lab, and a nationwide provider network. NCQA accreditation for utilization management signals adherence to evidence-based guidelines, but also means any compromise could impact care delivery decisions. The technical environment includes NIST-aligned controls and standard enterprise tooling, with security posture shaped by both healthcare sector requirements and MetLife's broader risk management framework. Founded in 2017 through a merger of two companies with combined industry history exceeding a century, Versant Health operates infrastructure built across multiple acquisition integrations - a common pattern that creates security complexity in identity management, data residency, and legacy system dependencies. The company's credentialing systems, claims adjudication platforms, and manufacturing automation represent attack vectors where disruption translates directly to member access and operational capacity.

Vatica Health is the leading provider-centric risk adjustment and quality of care solution, transforming how healthcare organizations optimize performance through innovative technology and clinical expertise. Founded in 2011, the company serves over 1.7 million patients across 41 states through partnerships with 11,000+ providers and 14 national and regional health plan clients. Vatica Health has earned the prestigious Best in KLAS® award for three consecutive years (2023-2025), recognizing its excellence in risk adjustment software and professional services. The company's unique model pairs expert clinical teams with comprehensive data and intuitive technology at the point of care, enabling healthcare organizations to achieve better financial and clinical outcomes. By capturing more accurate and complete diagnosis codes, Vatica Health helps improve coding accuracy by approximately 10% per patient, close care gaps, enhance compliance, and reduce regulatory risk. The organization has experienced significant growth, including acquisition by Frazier Healthcare Partners in 2023, and continues to expand its market-leading PCP-centric risk adjustment solution that health plans and providers actually use.

Northwell Health operates as New York State's largest healthcare provider and private employer, running 28 hospitals and more than 1,000 outpatient facilities across the state. Founded in 1997 through the merger of North Shore Health System and Long Island Jewish Medical Center, the organization now employs over 104,000 team members and treats more than 2 million patients annually. The scale of operations spans clinical care, hospital operations, outpatient services, oncology, cardiovascular medicine, medical education, and research - creating a substantial digital attack surface that requires protecting patient data, medical devices, hospital networks, and research systems across a geographically distributed footprint. The organization's technical infrastructure supports both acute-care hospital operations and a vast ambulatory network delivering non-inpatient clinical services. This dual environment presents distinct security challenges: real-time clinical systems where availability is critical, electronic health records systems handling sensitive patient information at scale, medical IoT devices integrated across facilities, and research data requiring protection while enabling collaboration. The threat model includes ransomware targeting hospital operations, patient data exfiltration, medical device vulnerabilities, insider threats across a workforce exceeding 100,000, and supply chain risks inherent in healthcare technology ecosystems. As a nonprofit integrated healthcare network with explicit commitments to community health access and medical innovation, Northwell's security posture must balance robust protection with operational realities of healthcare delivery. The organization's focus on advancing medical education and research adds complexity around academic partnerships, data sharing protocols, and protecting intellectual property. Security teams operate within regulatory frameworks including HIPAA and state privacy laws while supporting clinical workflows that cannot tolerate the downtime or friction common in other industries.

HealthEquity administers Health Savings Accounts and consumer-directed benefits for millions of Americans navigating healthcare finance - a domain where regulatory complexity meets high-stakes personal data. As an IRS-designated non-bank HSA trustee, the company operates at the intersection of financial technology and benefits administration, processing healthcare dollars through systems that must satisfy both HIPAA requirements and financial services compliance. The attack surface spans account management platforms, employer integrations, and financial advisor portals. The technical stack centers on Workday for HR and benefits operations, with Salesforce handling customer relationship management. Security teams work across fintech threat models - account takeover, payment fraud, credential stuffing - layered with healthcare-specific risks around protected health information. The company manages FSAs, HRAs, and COBRA alongside its core HSA product, creating multiple data flows between employers, financial institutions, and individual account holders. Operations run entirely within the United States under federal healthcare and financial regulations. The threat model includes both external attackers targeting financial accounts and insider risk from employees accessing sensitive health and financial data across enterprise clients. Security architecture must account for partner integrations with employers and financial advisors, where weak links in third-party systems can expose HealthEquity's infrastructure. The scale of the operation - positioned as a leading HSA administrator - means compromise scenarios affect working Americans' healthcare savings and medical expense records simultaneously.

We've been building banking software for over 40 years, starting in 1985 when we set out to solve a real problem: financial institutions struggling with fragmented systems and manual processes. Today, we're a team of more than 2,500 people across 12 countries, supporting over 170 banks and wealth managers who trust us with their core operations. Our platform handles everything from client onboarding to investment management, payments, and compliance - whether you want to run it in the cloud or on your own servers. We don't just develop the software; we operate it too, which means we see firsthand what actually works in practice. Being part of NEC Corporation since 2020 gives us additional resources to keep innovating, but we still maintain the agility and client-focused approach that's defined us from the start.