In This Issue

Past Newsletters

Local and Other News

Information Security Program Leverages Industry-Leading Solutions to Help Protect Customer Data

October 10, 2017

The health care industry continues to be a target of sophisticated cybersecurity attacks. Threats range from ransomware to denial of service attacks that are linked to the proliferation of the “Internet of Things” (IoT).1 For this reason, cybersecurity has emerged as a top concern for the health care industry. Security compromises have resulted in the loss or compromise of sensitive and protected health information (PHI).

Health care organizations must invest in strong cybersecurity and data protection practices designed to help protect the confidentiality, integrity and availability of information systems and assets.

Commitment to Securing Customer Data
At UnitedHealth Group, our commitment to securing data is integral to the relationships we have with all of our customers and vendors alike. We continue to focus on deploying leading security practices to stay apace with evolving cybersecurity threats and risks to customer data.

Key Security Objectives
We use industry-leading security frameworks to help protect data, leverage technology and deliver best-in-class security operations and services.


Information Security Program
UnitedHealthcare manages and supports a robust information security program with protocols that are based on industry practices, applicable regulatory obligations, defense industry practices, and customer considerations. Policy, standards and guidelines, reviewed on a frequent basis, are used to manage the specific requirements of general computing, audit and security controls. Regulatory requirements, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, are also reflected in our information security program.

Other Key Areas of Focus

  • Network Security: Leading security technology for perimeter defense of network computing assets continues to be a priority providing a first line of defense.
  • Cybersecurity: World-class threat hunting, digital forensics services and data scientists to sustain and leverage one of the largest security event data lake storage repositories in the industry.
  • Operational Security: A multi-factor access strategy that includes smart cards, tokens and a centralized access control model.
  • Vendor Risk Management: Risk assessments are performed by enterprise information security and vendor management offices to review findings, agree on mitigating activities and set forth ‘trust, but verify’ processes until risks are appropriately mitigated.

For additional information about UnitedHealth Group’s Information Security Program, please review our Enterprise Information Security brochure or contact your UnitedHealthcare representative with questions.


1The “Internet of Things” (IoT) is a giant network of connected “things” (which also includes people). It is the concept of connecting any device with an on/off switch to the Internet (and/or to each other).