An Interview with Jeff Shipley on Cybersecurity Threats in Healthcare Insurance
Did you know? On the dark web, the price for stolen health records can be up to 200x more than stolen credit card numbers, and up to 1,000x for Social Security numbers. Are you protected? 1
The healthcare insurance industry is entering uncharted waters. While digital transformation promises enhanced efficiency and an improved experience, it also opens the door to emerging cybersecurity threats in healthcare. Understanding these threats and implementing robust security measures is crucial for healthcare insurance companies to avoid a breach.
Jeff Shipley, Vice President of Strategic Accounts, Healthcare at Concentrix, is a cybersecurity expert and former healthcare insurance CIO. He joined us for in-depth discussion on the evolving threats to the industry, offering unique perspectives on the challenges that insurance companies face and strategies for adapting.
Question: Can you give us a quick rundown of your tenure as a CIO in insurance and the cybersecurity issues you faced?
Jeff Shipley: Absolutely. Over the course of my career, I’ve seen cybersecurity threats evolve massively. From managing data safety as a CTO and CIO, to addressing them head-on as the CEO of a cybersecurity company, I’ve gained valuable insights into this ever-changing landscape.
Question: What are some of the emerging cyberthreats you’re seeing today?
Jeff Shipley: If you’re talking healthcare insurance, the implementation of blockchain for secure documents, although beneficial to the insurance companies, also poses additional risks because it’s a fairly new technology that creates new vectors for cyberattacks.
Data analytics, AI, and generative AI are all new areas that pose considerable cybersecurity risk in the insurance industry. Not to mention, every insurance company of any size is investing heavily in customer experience and in their digital platforms. This means a lot of different touchpoints and disparate data, which expand the threat landscape.
Question: How do leading insurance companies adapt their risk management strategies to these emerging cyber threats?
Jeff Shipley: There’s more investment in developing robust cybersecurity programs around the end point in the network and encryption of data at rest and in transit.
Data used to live inside the four walls of your data center. Now it’s all over the world and a whole bunch of different data centers. So again, the threat landscape has expanded significantly over the last five to 10 years.
Part of having a sophisticated cybersecurity program is enhanced employee training and awareness and making that mandatory. Having more internal phishing tests makes sure employees understand cybersecurity, because the weakest link is the person on the other end of the keyboard. Security always starts and ends with people.
There’s also more focus on monitoring and control. Internal and external audits have ramped up, where you used to do them every two years. Now you’re doing them multiple times a year.
You’re still leveraging similar types of technology, protecting the data at rest, protecting it in transit, protecting the endpoints, doing your virus scans, those kinds of things. But the biggest change may be where accountability now lies.
It used to be someone in IT was accountable, and that was their challenge. Now that accountability rests solely on the CEO’s desk. It’s coming from top down, instead of bottom up.
Question: How is digital transformation shaping the future of insurance, and how does this change the cybersecurity landscape?
Jeff Shipley: Digital transformation takes many forms. The expectations of the end consumer have dramatically increased, which is impacting insurance companies.
Healthcare insurance companies are under a tremendous amount of pressure to behave like ecommerce. Digital transformation now needs to take place at the digital front door—in your data, analytics, and omnichannel strategy.
Often insurance companies rely on vendors to enable digital transformation—think of all the third-party platforms you use in your day-to-day job. You’re relying on them to make sure that the data and the applications they provide are secure. And if those applications are running in the cloud, ensuring that those cloud infrastructures are secure and locked down.
Some of the biggest breaches that we’ve seen over the last five years haven’t necessarily been the fault of the major companies that are spending millions of dollars on their security. What’s happening is they rely on third-party vendors, which are often smaller organizations, and these vendors are getting breached and then the bad actors are traversing through the network.
The hackers ultimately get to the big prize, which in healthcare insurance would be the big company with lots of personal health information (PHI) or personally identifiable information (PII).
Question: If you had one piece of advice for insurance companies on cybersecurity protection, what would it be?
Jeff Shipley: I would advise companies to give importance to cybersecurity in their budgets, educate their employees, involve the board in cybersecurity discussions, and invest in protection.
It’s very difficult to keep up with how quickly technology is changing right now, especially if you’re not in the business of technology. And a healthcare insurance company is in the business of providing insurance or providing care, not cybersecurity. While it’s crucial to ensure your team is informed about the latest threats, it’s equally imperative to collaborate with a dedicated cybersecurity firm. Such partners are in the best position to understand real-time threats as they emerge in the wild.
A breach can instantly erode trust, wiping out customer confidence in a brand, potentially forever. What follows often involves compliance and regulatory issues and fines. The lasting damage to your brand may be irreparable.
Looking to enhance your cybersecurity strategy and stay ahead of emerging threats? Protect yourself from the devastating effects of a data breach with our cybersecurity managed services.
1 “Healthcare Data: The Perfect Storm,” Sanjay Cherian, Forbes, January 14, 2022.
