Prime Therapeutics protects member data against security threats

Prime Therapeutics takes an active role in combating cyberattacks
Serving nearly 20 million people, Prime Therapeutics helps people get the medicine they need to feel better and live well. One of America’s leading pharmacy benefits managers, the company manages benefits for employers, health plans, and government programs—including Medicaid and Medicare—and delivers medicine to members and offers clinical services to people with complex medical conditions.

As a trusted health benefits provider, Prime Therapeutics is committed to maintaining the data privacy of its members. This is part of its promise to customers and also a regulatory requirement. Because of this, the company invests heavily in security to protect medical information from malicious attacks. This includes continually scanning its IT infrastructure for vulnerabilities and automatically identifying software upgrades and patches needed to keep ahead of a growing range of security threats.

Vulnerability scanning tools can pinpoint tens of thousands of vulnerabilities, but they don’t manage the process of remediating them. Instead, security teams rely on manual processes, sending separate spreadsheets to each IT system owner, highlighting the vulnerabilities that they need to fix.

According to Cameron Kracke, Senior Director, Information Security Operations, Prime Therapeutics: “It’s an industry-wide problem. If you rely on spreadsheets and email, there’s no easy way to track progress, and things fall through the cracks. There’s no process to drive closure and no accountability, which means it can take weeks or even months before vulnerabilities are fixed.”

ServiceNow improves organization-wide visibility into vulnerabilities to eliminate threats faster
Cameron knew there had to be a better way. He says, “Prime was already using ServiceNow for IT service management. By adding the vulnerability response capabilities in ServiceNow Security Operations, we could automate the critical link between security and IT, dramatically reducing remediation times and ensuring nothing was missed.”

Today, Prime Therapeutics scans its IT environment and automatically uploads vulnerability information to ServiceNow. ServiceNow then assigns each vulnerability to the right IT owner based on the affected assets and drives the entire remediation workflow.

With its mission-critical assets more secure, Prime Therapeutics focuses on meeting its members’ needs
With ServiceNow, Prime Therapeutics can prioritize vulnerabilities that affect sensitive medical and financial data. Because each vulnerability is attached to its corresponding asset in the ServiceNow Configuration Management Database, Cameron’s team can instantly see its business context, including affected business services and related configuration items.

“By focusing on what matters most, Prime can significantly enhance the security of our most mission-critical assets,” says Cameron. “And, this is another win-win for security and IT—this type of business visibility is critical across the board, whether you’re dealing with service availability, security incidents, or vulnerabilities.”

He concludes: “Keeping members’ data secure is our top priority. That’s why we chose ServiceNow. It gives us a structured, efficient way of eliminating vulnerabilities. We fix things more quickly and nothing slips between the cracks.”