Prime Therapeutics takes an active role in combating cyberattacks
Serving nearly 20 million people, Prime Therapeutics helps people get the medicine they need to feel better and live well. One of America’s leading pharmacy benefits managers, the company manages benefits for employers, health plans, and government programs—including Medicaid and Medicare—and delivers medicine to members and offers clinical services to people with complex medical conditions.
As a trusted health benefits provider, Prime Therapeutics is committed to maintaining the data privacy of its members. This is part of its promise to customers and also a regulatory requirement. Because of this, the company invests heavily in security to protect medical information from malicious attacks. This includes continually scanning its IT infrastructure for vulnerabilities and automatically identifying software upgrades and patches needed to keep ahead of a growing range of security threats.
Vulnerability scanning tools can pinpoint tens of thousands of vulnerabilities, but they don’t manage the process of remediating them. Instead, security teams rely on manual processes, sending separate spreadsheets to each IT system owner, highlighting the vulnerabilities that they need to fix.
According to Cameron Kracke, Senior Director, Information Security Operations, Prime Therapeutics: “It’s an industry-wide problem. If you rely on spreadsheets and email, there’s no easy way to track progress, and things fall through the cracks. There’s no process to drive closure and no accountability, which means it can take weeks or even months before vulnerabilities are fixed.”
ServiceNow improves organization-wide visibility into vulnerabilities to eliminate threats faster
Cameron knew there had to be a better way. He says, “Prime was already using ServiceNow for IT service management. By adding the vulnerability response capabilities in ServiceNow Security Operations, we could automate the critical link between security and IT, dramatically reducing remediation times and ensuring nothing was missed.”
Today, Prime Therapeutics scans its IT environment and automatically uploads vulnerability information to ServiceNow. ServiceNow then assigns each vulnerability to the right IT owner based on the affected assets and drives the entire remediation workflow.