What payers can learn from Aetna's CISO

As the role of chief information security officer (CISO) continues to expand throughout the healthcare industry, insurers can take a page from Aetna's book in how to successfully implement and build this position.

Chief Security Officer Jim Routh (pictured right) joined Aetna amid a time of frequent email spam and cyberattacks, according to an executive brief from Agari. Cyberattackers sent some 65 to 70 million emails each year, using Aetna's name to scam consumers into providing their personal information.

Understanding the need to protect consumer information, especially given that medical data is worth much more on the black market than a Social Security number, Routh began to inform Aetna board members about the importance of enterprise cybersecurity.

Routh then set out to discuss strategies with individual teams. For instance, when speaking with the marketing team, the conversation focused on click-through rates and the return of investment from email marketing. And because conversations varied among the different teams, Routh was the glue that held the different pieces together, the brief points out.

Given the rather high turnover rate of CISOs, whoever assumes the position needs to become truly integrated with other C-suite employees. A CISO can achieve this by understanding business priorities, especially brand protection; communicating with all teams within the company in order to learn from and inform them of strategic steps; and taking initiative when it comes to building new areas of business.

While various CISOs continue to collaborate with executives on technology decisions, they can do better at working with other healthcare organizations, FierceHealthPayer previously reported.

For more:
- here's the brief

Suggested Articles

To reduce readmissions and create greater operational and cost efficiencies for providers and payers, we must rethink how we deliver and manage care.

Outpatient specialty drugs can be a lucrative income source for not-for-profit hospitals, but Washington presents some risks, Moody's says.

The growing role of data in our lives raises important questions about data access and ownership. Who rightfully owns the data?