Cyber security in the International Private Medical Insurance market

Facing data security challenges head on  

Many in the International Private Medical Insurance sector consider both internal and external data breaches to be among the greatest challenges the industry faces. Alan Payne, Chief Information Officer (CIO) at Aetna International, explains how one of the largest insurers in the international space is approaching this complex problem.

Close attention is paid to the issue of data and cyber security at Aetna International, from the CEO down through all employee layers. This is a mandatory discussion item at every monthly board meeting, where Aetna International’s threat assessment is examined in detail and proactive improvement measures are agreed and authorised.

Aetna’s Global Chief Security Officer (CSO), James Routh, has implemented a risk-driven and highly innovative security program where controls are adjusted consistently based on changes in the cyber threat landscape. Aetna does this by designing and implementing unconventional controls that help improve risk management while offering consumers choices in how they interact with mobile and web applications.

As an industry, we face both internal and external challenges.

External Threats

Aetna uses extensive resources to study threat actor tactics from private and public sources. We also share information extensively through the National Health Information Sharing and Analysis Center (NH-ISAC) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) and currently serve on the boards for both organisations. Aetna’s security engineers lead the NH-ISAC Threat Intelligence Committee, collaborating with industry partners to reverse engineer malware samples to determine effective controls that are then shared with the entire industry.

This type of activity helps ensure our business processes are resilient and greatly improves our ability to help protect member information.

Internal Threats

Aetna uses an innovative philosophy to monitor and help prevent internal threats. We use a model-driven privileged user monitoring capability that operates in real time, comparing online behaviour for all registered network users to mathematical models representing past behavioural patterns. Any irregular patterns or anomalous events are shared with cybersecurity leaders within the enterprise. Aetna was the first organisation to deploy this capability at scale across the enterprise.

Role-based activity

All of our staff members are subject to stringent role-based activity control. This limits permissions to networks, data, activities and locations unless access is necessary for the employee to perform their roles.

An employee might be granted rights to undertake particular functions such as processing claims or making payments to a member. The employee will only be able to access the systems relevant to their tasks. Employee access to customer information will be restricted too, often down to small groups of customers or even to an individual level if necessary. The staff member can’t view member details outside of their particular division, department or location.

Segmenting roles to this level restricts access to raw data and creates a governance framework around what employees can do with the data. For example, the ability to transfer data is very strictly controlled. All on-line user behaviour is compared to models for potential cases of misuse of privilege using multiple layers of controls.

This strategy is highly effective in preventing employees from accessing and manipulating large amounts of customer data inappropriately.

SPEAR Programme

SPEAR is Aetna International’s security protection, elimination and reduction programme. This allows us to track outgoing emails from employee accounts for patterns of codes. A 4-4-4-4 numeric pattern, for example, indicates a credit card number, while a 3-3-4 pattern might be a social security number from the U.S.

The process scans outgoing traffic for code patterns. As an example, any email leaving our protected domain with a recognised pattern will be caught, flagged and assessed by a security officer in that country before being released.
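
The outbound check described above can be sketched as follows. This is an added example, not Aetna's SPEAR code: the function names, labels, verdict strings, the Luhn ranking step and the sample message are all assumptions made for illustration; only the 4-4-4-4 and 3-3-4 shapes come from the article.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Digit-group shapes named in the article; the labels are this example's own.
SHAPES = {"4-4-4-4": "card-like number", "3-3-4": "3-3-4 identifier"}

def shape_regex(shape):
    """'4-4-4-4' -> regex for digit groups joined by a space, hyphen or nothing."""
    groups = [r"\d{%d}" % int(n) for n in shape.split("-")]
    return re.compile(r"(?<![\d-])" + "[ -]?".join(groups) + r"(?![\d-])")

def luhn_ok(digits):
    """Luhn checksum, used to rank card-like hits (an addition to the article)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_outgoing(raw, protected_domain):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    leaving = any(not a.lower().endswith("@" + protected_domain) for a in rcpts)
    body = msg.get_payload()
    findings = []
    for shape, label in SHAPES.items():
        for m in shape_regex(shape).finditer(body):
            digits = re.sub(r"\D", "", m.group())
            high = shape == "4-4-4-4" and luhn_ok(digits)
            # Report a masked value so the alert itself does not leak the data.
            findings.append((label, "*" * (len(digits) - 4) + digits[-4:], high))
    verdict = "hold-for-review" if leaving and findings else "release"
    return verdict, findings

# Constructed sample message; addresses, domain and numbers are made up.
SAMPLE = """From: clerk@insurer.example
To: someone@outside.example
Subject: payment details

Card 4111 1111 1111 1111, reference 555-010-9999, claim 20240117.
"""

if __name__ == "__main__":
    print(scan_outgoing(SAMPLE, "insurer.example"))
```

A bare digit shape such as 3-3-4 also matches ordinary ten-digit numbers like phone numbers, which is why a hit is held for a reviewer rather than blocked outright.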

Looking to the future

Aetna International’s thinking doesn’t end with traditional controls. Information was recently published about Aetna’s next generation security architecture that involves replacing passwords with member choices for biometric controls fed into a risk engine that provides continuous authentication capability. We believe this is the first time the customer journey has been improved without adding friction to the customer experience while also significantly improving security risk management.
