Broker blog from Delta Dental

Tag: security

Introducing the updated Delta Dental Mobile App

Delta Dental has relaunched its free mobile application. The updated Delta Dental Mobile App is faster and more stable and offers useful features such as member ID cards, the Find a Dentist tool and a cost estimator. The new app is available for both iOS and Android devices.

The current app will be disabled after December 19, 2021. For a seamless user experience, Delta Dental members who have the app installed should first download the updated app from the App Store or Google Play and then remove the current app from their device.

Saved dentists and dependent information will be automatically transferred to the new app, and members can use their current username and password to access it.

The Delta Dental Mobile App uses the latest security technology to protect users’ personal health information. No personal health information is ever stored on your device. For more details on security, view our Privacy Policy in the app menu.

For questions about the app, or if you having trouble logging in, contact Delta Dental Plans Association.

Fear and comfort: Why businesses should care about data security

Fear and comfort: Why businesses should care about data security 

As technology advances and we make more and more personal information vulnerable to cyber breaches, it’s difficult not to feel fear or anxiety about cyber security. According to the FBI’s Internet Crime Complaint Center, the FBI receives an average of 284,000 complaints each year of cybercrimes ranging from identity theft to phishing scams.

When businesses are on the line, the stakes are high. But that doesn’t mean you can’t find peace of mind when conducting business with other organizations. To find some comfort, ensure your clients are asking the right questions beforethey trust their information with a third party, including software vendors, hosting service providers and even insurers. As an insurer, Delta Dental handles both personally identifiable information (PII) and personal health information (PHI), so we take cybersecurity extremely seriously.

To point your clients in the right direction, we asked our security experts on staff to list some categories and questions to begin. Here are some of their suggestions.

Questions about baseline security considerations

  • What policies does your organization have in place to safeguard information?
  • How often do organizations review and update their security posture?
  • What measures has the organization taken to prevent security breaches and/or threats?

Delta Dental uses both our enterprise code of conduct and federal regulations to guide our information security practices, and we regularly update our policies.

Questions about physical security safeguards

  • Does the organization employ multi-factor authentication? Are any of these combined for two-factor authentication? Here are three ways to authenticate: 
    • Something you know (pin, password or similar codes)
    • Something you are (a biometric verification)
    • Something you have (a smart card, badge or chip)

At Delta Dental we use a variety of physical safeguards, including limiting physical and cyber access to PII and PHI. We are proud to employ a “principal of least privilege.” This means staff should only have a level of access that is absolutely necessary.Delta Dental offers insights from their information security team on how businesses can evaluate third-party vendors’ cyber security measures.

Questions about technical safeguards 

  • How does your organization secure data in transit?
  • Does your organization use encryption for data at rest?
  • Does your organization conduct regular vulnerability scans?
  • How does your organization evaluate third parties who may have access to PII or PHI?

For instance, we use secure file transfer processes (SFTPs) for data in transit to and from Delta Dental. We use encryption for any sensitive information — in transit and at rest.

We also use a vendor evaluation matrix to determine what information our vendor partners have access to, and compare access to the level of risk they pose. We then categorize vendors as high‑, medium- or low-impact vendors and assess them accordingly.

Questions about incident reporting protocol

  • What is your process for reporting a cyber security incident?
  • What is your timeline for reporting a cyber security incident?

These questions are crucial for building trust with an organization. At Delta Dental, we have four ways for employees to report any information breaches and three mandatory training programs to educate and encourage our employees on best practices in information security.

For more thought leadership from Delta Dental, subscribe to Insider Update, our newsletter for brokers, agents and consultants.

If you’re a benefits decision maker, administrator or HR professional, subscribe to our group newsletter, Word of Mouth.

Certified Ethical Hacker: oxymoron or Information Security genius?

We hope you’ve enjoyed reading our internal spotlight series on Delta Dental’s Information Security. (In case you missed any content, check out our article on employee training and compliance and our article with insights from our Director of Information Security.)

Did you ever think you’d be thankful to read the term “hacker”? If not, we may have a new perspective for you. Meet Chad Greiner, Security Engineer III and Certified Ethical Hacker (CEH) in training, and see how he’s going the extra mile to protect your clients’ privacy.

Q: How long have you been with Delta Dental, and what other jobs have you held in your field?

A: I’ve been here for about six years. Before joining this team, I worked for a medical alert device company. I served as the main administrator for their entire IT operation.

Q: You’re training to become a CEH. Are there any other certifications you have or plan to earn?

A: Yes, I’m a Certified Information Systems Security Professional (CISSP). The CISSP seems sort of like a generalized job title, but it’s actually a comprehensive certification. To sit for the exam, you have to have about five years’ worth of work experience, be recommended by a fellow CISSP in good standing and re-certify every three years. The CEH is kind of an extension of the CISSP, except it focuses on strategies to help you think like a criminal — so you’re better armed to prevent a cyberattack.

Q: With that said, do you think the CEH is a controversial certification?

A: We don’t view it as controversial within the security industry. My perspective is that any type of attack is a crime, so in any criminal field, you need to understand the people you’re trying to catch or obstruct to be effective at your job.

Q: That makes sense. How would you respond to criticism that the title “ethical hacker” is an oxymoron?

A: In my mind, intent is what makes an action ethical or unethical. I’m not necessarily learning how to break things; instead, I’m learning how things can be broken to prevent breaches in security from occurring.

Q: What do you think is the most important aspect of your CEH training?

A: Learning about what tools are out there has been extremely important. Early on in my career, there weren’t as many “hacking” opportunities readily available to experienced cybercriminals, let alone the average person. The way technology is evolving has made it easier to access private information — so it’s that much more important to learn every defense against cyberattacks that we can.

Q: Why do you think being a CEH is particularly valuable to an analyst within an organization like Delta Dental?

A: Knowing what to protect against — knowing what avenues people can take in an attack — is critical. It’s really the first and most important step in securing private information. Clients can have confidence in knowing that, with a CEH, we’re able to get into a criminal’s mindset and get a step ahead of them.


Thanks for reading our series on Information Security! Stay tuned for more client news and insights from Delta Dental. 

Information Security by the numbers

Spotlight on our Office of Compliance (OOC) team, and second article in our Information Security series.

We’ve done the math and found that preparation is better than reparation when it comes to securing private information. That’s why we prepare for security compromises as if they are imminent. In fact, we protect your private information in many different ways.

Beyond cutting-edge technology and a team of security analysts, preventing a security breach includes:

  • 1 focused team of compliance and privacy experts
  • 2 models for setting compliance standards — our enterprise code of conduct and federal guidelines
  • 3 mandatory training programs that educate employees and help prevent compliance, privacy and security breaches
  • 4 ways for employees to report potential compliance incidents if they do occur

98157_OOC article

Our compliance expertise adds up, giving you 10 reasons to know your organization’s private information is in good hands with Delta Dental.

And, did you know that one of the most frequent causes of a privacy incident is incorrect enrollee data? You can help safeguard sensitive information by ensuring that enrollee eligibility files are correct and updated with Delta Dental.

For more information on our approach to protecting your organization’s privacy, check out a recent interview with Sitaram Inguva, our director of Information Security.

© 2022 Insider Update

Theme by Anders NorenUp ↑