In light of the recent hacking event at Community Health Systems. Aetna's Chief Information Security Officer discusses measure being implemented to improve security on their end.
There's been a lot of talk about compliance lately. Federal and state regulations. HIPAA regulations. But, if you're in charge of healthcare security, compliance is far from sufficient, says Jim Routh, chief information security officer for Aetna, one of the nation’s leading diversified healthcare benefits companies.
"The focus of the information security capabilities and controls has less to do with the regulatory requirements and more to do with the shift in tactics and trends for cybersecurity threats," he explains.
If you think about it, he says, the cycle time for regulatory requirements is measured in years. They’re typically years out of date at best, as it takes time to figure out what the rules should be and what the best way to enforce the rules is.
Compare that with the cycle time on the threat side, which proves fundamentally different. "Back in the good ol' days,” Routh says, "we'd go four or five years before there was a major shift in tactics used by cybersecurity criminals."
Read the interview here: http://bit.ly/1oDTwUm
Source: Healthcare IT News