Quest Diagnostics Fortifies Patient Data Privacy and Cybersecurity With Robust Safeguards and Ongoing Threat Mitigation Strategies
Quest Diagnostics has detailed its comprehensive approach to protecting patient data privacy and cybersecurity. The company maintains a robust privacy program with detailed policies, procedures, and annual HIPAA training for all employees. Their cybersecurity framework, overseen by the Chief Information Security Officer, includes multiple security measures aligned with industry best practices.
The company's cybersecurity program encompasses various domains including IT risk management, access controls, data protection, threat intelligence, and incident response. Quest has established an IT Risk Council for oversight and prioritizes supply chain security by assessing vendor security postures. The program adheres to multiple security frameworks including NIST 800, MITRE 40 ATT&CK, and ISO standards, with oversight from the Board of Directors through specialized committees.
- Comprehensive cybersecurity program aligned with multiple industry-standard security frameworks
- Established IT Risk Council with enterprise-wide representation
- Mature privacy program with detailed policies and regular employee training
- Board-level oversight of cybersecurity through specialized committees
NORTHAMPTON, MA / ACCESSWIRE / December 4, 2024 / Quest Diagnostics
Originally published in Quest Diagnostics' 2023 Corporate Responsibility Report
Safeguarding our patients' data
Quest safeguards the privacy and security of our patients' health information through policies and procedures, and by developing solutions to tackle emerging data security threats.
DATA PRIVACY
We have a mature and effective privacy program that includes detailed privacy policies and procedures, training, auditing, and ongoing privacy awareness reminders. Our comprehensive program addresses a broad range of privacy subjects including protected health information disclosures, key privacy safeguards, and minimum necessary access to patient health information. These policies are available to employees on our intranet site. All employees undergo annual training on the Health Insurance Portability and Accountability Act (HIPAA). For both new and existing employees, we may provide more specialized privacy training based on an employee's job function. In addition, the Company continues to review new regulations and state laws and implements required controls as needed.
CYBERSECURITY
The strength and resilience of our cybersecurity and data privacy programs are critical in maintaining the trust of our patients, customers, employees, shareholders, and other stakeholders. Securing our business, customer, patient, and employee data, and our information technology (IT) systems, is an important part of our overall risk management framework. Quest's cybersecurity program is overseen by the Chief Information Security Officer, who reports to our Chief Information and Digital Officer.
Quest maintains a comprehensive cybersecurity program developed to align with best-practice frameworks, applicable laws and regulations, and our contractual obligations. We've designed the enterprise-wide program to secure our facilities and information systems and safeguard data throughout its lifecycle, including data provided to third parties performing services on our behalf. Our cybersecurity program incorporates standards, processes, and controls over a number of domains, including, but not limited to, governance, IT risk management, access controls, facility and data protection, IT systems and data transmission security, threat intelligence and incident response, supply chain risk management, disaster recovery, and vulnerability management.
Our cybersecurity risk management program monitors our systems and networks for threats, breaches, intrusions, and other vulnerabilities; assesses the security of our company-wide software, applications and systems; conducts security audits and threat assessments; responds to cybersecurity incidents; and facilitates training for our employees. We've also convened an IT Risk Council, with enterprise-wide representation, which receives quarterly and ad hoc updates on our cybersecurity efforts. Recognizing the interconnected nature of the healthcare industry, we prioritize supply chain security to mitigate the risks of third-party breaches. We assess the security posture of our vendors and partners with whom we interface, or who store, process, host, or transmit confidential patient and employee data or other confidential information.
Our cybersecurity program is based on multiple security frameworks, including, but not limited to, the National Institute of Standards and Technology's NIST 800 Special Publication Information Security standard, MITRE 40 ATT&CK Framework, the Payment Card Industry Data Security Standard, the System and Organization Controls for Service Organizations 2, and International Organization for Standardization (ISO) 9001:2015 and ISO 15189.
Our cybersecurity program is continuously evolving to adapt to emerging threats, strengthen our security posture, and ensure the resilience of our services. Our Board of Directors oversees our cybersecurity via the Cybersecurity, Quality & Compliance, and Audit & Finance Committees.
Contact Info:
Spokesperson: Quest Diagnostics
Website: https://www.3blmedia.com/profiles/quest-diagnostics
Email: info@3blmedia.com
SOURCE: Quest Diagnostics