Fortune 10 Healthcare Giant Fuses Internal Incident Data Across 10,215 Sites to Cut Risk Assessments by 80%

When Your Own Data Is the Biggest Blind Spot

When your security team manages 10,215 locations across four countries, even a small gap in intelligence can mean missed threats. For this Fortune 10 healthcare organization, the gap was large: their internal incident data covered just 30 to 40 sites out of more than 10,215. The other 99.6% of their portfolio had no internal risk context at all.

The team already used Base Operations to assess external threats using BaseScore grounded in street-level crime and unrest data from 25,000+ global sources. But external data alone told only half the story. What was happening inside their own facilities remained invisible to the risk model.

A Data Problem Compounding at Scale

The organization's case management system was built for documenting serious incidents: assaults, thefts, major disruptions. But its complexity meant that routine disruptions signaling deteriorating conditions went unrecorded.

"We only document incidents that have an actual reported impact to something versus something that might be a slight disruption, because of just how cumbersome it is to document that," said the Security Director.

Risk assessments across 10,215 locations relied entirely on external data. Analysts could see the threat environment surrounding a facility but had no way to correlate it with their own documented incidents at the same address. Each assessment required approximately 5 hours of manual research. That meant manually pulling external crime data, cross-referencing internal incident records from separate systems, and reviewing facility security details individually.

The security team needed a way to bring internal data into the same platform, not as a separate exercise but as part of the risk picture that already existed in BaseScore.

Bringing Internal Data Into the Picture

Base Fusion provided exactly that. The product ingests internal incident records, automatically classifies them, and calculates two custom scores: Internal Risk Scores based on incident data and Facility Scores based on security infrastructure metadata. It then displays these alongside BaseScore, giving the team a complete view of risk that neither data source provides alone.

To satisfy the organization's enterprise security requirements, Base Operations implemented an AWS-only data processing model. All ingestion, processing, and analysis happens within cloud infrastructure so no employee devices touch customer data. This approach eliminates concerns around device management policies and provides a replicable pattern for any enterprise with strict data handling requirements.

With the technical framework in place, the teams aligned on data field definitions through an ontology review, mapping the organization's incident categories to Base Operations' data model. Approximately 80% of the categories aligned directly; the remaining 20% required custom mapping specific to the organization's operational context. A corporate security investigator on the team began delivering historical incident data — nine months of records from the team's case management and asset management systems.

Three Scores, One View

The first Internal Risk Scores were produced for 55 locations. Initial focus was on locations with six or more incidents in the trailing 12 months. Over the following months, the scoring methodology was finalized and monthly data refresh cadences established. In early 2026, Base Fusion went fully live across the portfolio.

The platform now provides three distinct scores visible side by side for each location:

• BaseScore provides standardized 0–100 risk ratings based on external crime and unrest data from 25,000+ global sources. It serves as the baseline threat assessment for every location.
• Internal Risk Score is calculated from internal incident data, factoring in the frequency, severity, and type of security events at each location. It reflects the internal security environment independent of external threats.
• Facility Score is calculated from facility metadata — security cameras, guard presence, alarm systems, and other security infrastructure. It reflects the security hardening at each site.

Viewing these scores together reveals patterns that neither data source surfaces alone. External crime trends might be declining in a neighborhood, but if internal disruptions are rising at a specific facility, the Internal Risk Score makes that divergence visible. A location might have a high BaseScore but also a strong Facility Score, indicating that security investments are proportional to the threat environment.

From Pilot to Full Portfolio

The initial Base Fusion deployment scored 55 locations with sufficient incident data. As the monthly data refresh cadence took hold and the organization expanded its internal reporting, coverage grew steadily. Internal Risk Scores are now active for 100 locations and expanding as more incident data flows into the system. Facility Scores cover effectively 100% of the portfolio of 10,215 locations.

Base Fusion also created a foundation for new operational capabilities. The combination of Internal Risk Scores and Facility Scores gives the security team a defensible, data-driven basis for facility tiering decisions — determining which locations require cameras, guards, badge access, or other physical security investments. Previously, those decisions relied on external crime data and subjective judgment. Now, internal incident patterns and security infrastructure data inform the prioritization directly.

Measurable Transformation

The addition of internal data to the platform completed the risk picture that analysts had been assembling manually across separate systems. Location assessments that previously required approximately 5 hours now take 45 minutes (over 80% reduction). Analysts access all three scores in a single view rather than cross-referencing case management logs, facility records, and external threat data individually.

Over the trailing four quarters, the security team evaluated 1,488 locations in depth, saved 5,984 analyst hours, and avoided $426,250 in FTE costs.

What Comes Next

The security team is now preparing to bring executive protection and travel risk assessment in-house by September 2026, with Base Operations data serving as the intelligence foundation. A Field Risk Assessment pilot is underway to score over 10,000 patient home-visit addresses. This proof of concept could scale to millions of addresses, extending the combination of internal and external intelligence to the scheduling workflows that route clinicians to patients' homes.

"We're going through a ton of changes from a staffing perspective," the Security Director said. "We're planning on using Base Fusion to support this transition and keep our people safe."