Last week’s disclosure that a major health insurer was hit by a massive cybersecurity breach has led to renewed media attention about the measures that benefits management companies are taking to protect their customers' personal information – specifically, the medical data that could be used by identity thieves to perpetuate costly fraud.

MedBen has always been proactive in its efforts to ensure the safety of client data. We’ve had an in-house information systems team since the introduction of our internal mainframe network in the late 80’s, and a considerable portion of their collective responsibility, then and now, has been in finding ways to maximize data security and guarantee client privacy.

Today, MedBen approaches cybersecurity from three perspectives – external, internal and physical.

External Safeguards

• We employ multiple layered hardware devices to prevent access to the internal networks.
• Communication with clients that contain sensitive information is only permitted using a secure email link or a secure messaging web server.
• All incoming and outgoing emails are scanned by a hardware device to detect and quarantine malware and other forms of misbehaviors.

Internal Safeguards

• All devices accessing the Internet must pass through a hardware device that scans the traffic in either direction.
• Desktops and servers have an industry-leading virus scanner installed. The scanner definitions are updated automatically whenever the vendor releases new versions to our controlling server. The client computers are automatically scanned on a frequency-based schedule.
• Desktops and servers are governed by a central policy relating to security. This ranges from password aging and complexity to the length of time before the network-enabled screen saver will activate, requiring the user’s credentials to return to their work.

Physical Safeguards

• Access to the building is restricted by electronic locks and is computer controlled based on job-function needs.
• Sensitive areas are limited to appropriate personnel – and again, access is based on job-function needs.
• DVR-connected security cameras cover the outside perimeter of the building. Internally, cameras cover the key areas of access. This includes sensitive areas, such as the server rooms.

As the recent wave of cyber attacks has demonstrated, even the most protected systems can still be vulnerable. That’s why in addition to the safeguards above, we conduct periodic penetration tests, in which outside firms attempt to break into our system. During our last test in 2014, IBM’s Consulting Unit was unable to breach our defenses, and offered suggestions that improved our security further still.

You’ve placed your trust in MedBen, and never do we take that trust for granted. We will continue to do everything in our power to maintain your confidence and keep your data safe.

MedBen clients with questions regarding our cybersecurity measures are welcome to contact Vice President of Information Systems and Chief Privacy Office Rose McEntire at rmcentire@medben.com.