Cybersecurity team will 'lie, cheat and steal' to safeguard BCBS data

The cybersecurity team at Health Care Service Corp., an insurance agency, goes to great lengths to keep its customers' data safe, including the records of the nearly 15 million Blue Cross Blue Shield members in five states, according to Dallas News.

Health Care Service Corp. Chief Information Security Officer Kevin Charest said his team monitors cyber activity 24/7. Nearly 200 analysts' eyes are glued to a large digital map of the world that traces hackers' activity as they try to break into computer networks for medical data. They track thousands of attempts each second.

The company's regional security operation center, called the Cyber Fusion room, is located in the Dallas-based C1 Innovation Lab, which houses select Blue Cross of Texas offices. It also has divisions in Richardson, Texas and Waukegan, Ill.

Health data is becoming more valuable to hackers, who sell it for profit on the dark web, and the healthcare industry is also putting itself at increased risk as it moves toward digitization. The technologies hospitals use, such as EHRs, heart monitors and laptops, all connect to the internet and create virtual "doors" that hackers can write programs to "knock" on.

"People used to rob banks, now they rob information," Dean Sittig, PhD, a professor of biomedical informatics at the University of Texas Health Science Center in Houston, told Dallas News. When it comes to your health data, "there's money to be made," he added. Cyber experts told Dallas News criminals use stolen health data to provide medical documentation, exploit health insurance or lie about their health to their employers.

Mr. Charest said Health Care Service Corp. plans to make "significant investments" in "internal and external identity management" over the next two years. This includes being able to evaluate how staff members access confidential information from inside and outside the office, or the addition of security features like face recognition or fraud alerts.

Beyond monitoring attempted hacks geographically, Mr. Charest said his team frequently conducts penetration testing in which staff members are paid to hack into the network and help identify unsecured doors or other potential vulnerabilities.

"They're allowed to lie, cheat and steal to do their job," Mr. Charest told Dallas News. "We build our defenses, but we also try every single day to break them."


© Copyright ASC COMMUNICATIONS 2019.

 
