Your Security is Our Top Priority

                                     

 

At Delta Dental of North Carolina, we take our responsibility to protect and safeguard your information very seriously. Our strategy to secure personally identifiable information (PII), protected health information (PHI) and other forms of privacy information is multifaceted and includes the following:

Encrypting our data:

Desktops, laptops and servers are encrypted where privacy data is stored; removable media such as thumb drives, CDs and DVDs are strictly limited to approved personnel, and all data written to those devices is encrypted; and backup tapes containing privacy data are encrypted.

Securing our locations:

Employees wear radio frequency identification (RFID) security badges to access buildings and interior secured areas on the main campus; and internal and external video cameras are monitored 24/7.

Strictly governing passwords and access:

Passwords are changed at regular intervals, and “strong” passwords are required; we review accounts regularly for appropriate access; access is immediately revoked on all employee terminations or separations; and two-factor authentication is in place for all privileged users.

Conducting checks:

We perform background checks on all employees and contractors prior to being granted access to systems.

Protecting our systems:

Anti-virus is installed and updated on all desktops, laptops and servers; internal and external firewalls segregate Internet-facing traffic from internal, and they segregate internal users from direct access to servers; Intrusion Prevention Systems (IPS) are installed at critical “choke points” on the network; egress filtering reduces the threat of command and control malware infections; and email gateways identify and encrypt messages that contain privacy information.

Testing our security:

We regularly try to penetrate and exploit our systems to make sure everything is functioning as it should and no weaknesses exist
 

These safeguards and more comply with guidelines issued by The National Institute of Standards and Technology (NIST) 800-53 Special Publication on Recommended Security Controls for Federal Information Systems and Organizations, the Center for Internet Security (CIS) Benchmarks, and the Department of Defense (DoD) Security Technical Implementation Guides (STIG).