Why Cyber-Attack Drills Are Important
CISO at Major Insurer Explains Security Goals
"By detecting and responding to simulated cybersecurity incidents, we're going to learn what works well and what opportunities exist to improve our security practices. That will be extremely important to us," says Biondo of HCSC, which runs Blue Cross/Blue Shield plans in five states. HCSC is one of a dozen organizations that will be participating in CyberRX, a breach-prevention effort that will stage two simulated cyber-attacks.
The exercises will involve the U.S. Department of Health and Human Services, the Department of Homeland Security and several large healthcare companies. The Health Information Trust Alliance, or HITRUST, is coordinating the drills (see: Healthcare Cybersecurity Drills Slated).
Compared with other business sectors, such as financial services, healthcare has "a lot of catching up to do" when it comes to cybersecurity, Biondo says in an interview with Information Security Media Group. By collaborating in the CyberRX effort, he says, "what we're really hoping to do ... is to benchmark HCSC's capabilities with others in the healthcare industry ... and to share best practices."
While the healthcare sector faces "some serious issues like identity theft and business disruption" that are also common in other industries, healthcare also faces some unique challenges, including cyberthreats to patient safety tied to thousands of medical devices that are networked, he notes.
Other Security Priorities
In addition to HCSC's participation in CyberRX, the company will be focused this year on several other privacy and security priorities.
"Big data is on the forefront of our business innovation, and we have to ensure that as more data becomes available, it's protected in a way that still allows access [for] the parties who need it, when they need it and in the manner they need it," he says.
Addressing security issues involved in BYOD and cloud computing services is also in the spotlight at HCSC in 2014.
In the interview, Biondo also discusses:
- Privacy and security challenges facing HCSC related to the Affordable Care Act;
- How HCSC deals with differing privacy laws in the states where it offers health plans;
- The challenges involved with providing consumers access to their digitized health data.
Biondo has been senior vice president and CISO of Health Care Service Corporation since 2005. The company provides healthcare coverage to nearly 14 million members through Blue Cross Blue Shield plans in Illinois, Montana, New Mexico, Oklahoma and Texas. Biondo's responsibilities include information security for the HCSC enterprise and information access regulatory compliance. He is also responsible for overseeing access control, IT risk management, internal controls governance and regulatory compliance. Before joining HCSC, Biondo held an IT leadership position at Aon Corp.