Security Congress Abstract
Healthcare is a more lucrative target for cyberattackers because healthcare data is more valuable than financial data and the industry still has legacy systems and processes.
At Delta Dental, we are baking security in at the foundation and designing a secure zero-trust architecture in a phased approach. In consideration of HIPAA compliance and PII/PHI protection, we have introduced some tweaks and are proposing C.A.R.E. (Conditional Access and Risk-based Enforcement). Our policy enforcement stresses ephemeral and adaptive authentication for subjects. It also focuses on objects, especially systems and data containing PII/PHI, using micro-segmentation and traditional security enforcement through firewall/IPS/DLP/EDR. Our agile shift-left strategy emphasizes ensuring that secure, trusted applications are deployed. Our continuous trust model emphasizes continuous traffic monitoring and intelligence to detect and prevent suspicious behavior.