Whenever there’s a big data dump, the security experts at Aetna jump on it and use analytics to scan and identify any credentials that are the same as those of a current user. A match means there’s an opportunity for hackers to take advantage of those credentials. The team immediately forces a password reset and begins the process to fix the problem
While the banking and defense industries are miles ahead of healthcare when it comes to dealing with threats from cybercriminals, Aetna’s team is an example of what healthcare should be doing. This may have something to do with Jim Routh, their Chief Information Security Officer having worked for American Express and had been the global head of application and mobile security at JP Morgan Chase.
One of the things that Routh understands about cybersecurity is how important intelligence sharing is. The healthcare industry has been slow to adapt this approach but the most effective security teams share information through groups like the National Health Information Sharing and Analysis Center (NH-ISAC), the FBI’s joint private sector partnership InfraGard, the Department of Homeland Security’s Cyber Information Sharing and Collaboration Program (DHS CISCP), or the U.S. Computer Emergency Readiness Team (US-CERT). The key to intelligence sharing being successful is to share what you know, and to not just use one of these services. You may get different intelligence from different sources.
Additionally, an organization’s security team not only needs the ability to lock a network down before the whole system is compromised, being able to monitor the dark web so that it won’t be blindsided is important as well. Many dark web experts come from a military background with experience in information gathering, specifically when it comes to monitoring an enemy’s tactics, techniques, and procedures.
It took a while for the banking and defense industries to come around with the evolving threat of cybersecurity. It appears now that the healthcare industry is poised to take that next inevitable step.