Tips on Protecting Hospitals From Nation-State AttacksCISO Christopher Frenz Describes Newly Released Guidance
In light of rising tensions between the U.S. and Iran, the Association of Executives in Healthcare Information Security recently issued new data security guidance to help the healthcare sector prepare for potential nation-state attacks, says Christopher Frenz, one of the document's authors. He leads information security at New York's Interfaith Medical Center.
After an Iranian general was killed in a recent U.S. drone strike in Baghdad, security experts and the Department of Homeland Security warned of possible retaliatory cyber strikes from Iran that could target critical infrastructure, government agencies as well as private businesses (see: U.S. Conflict With Iran Sparks Cybersecurity Concerns).
"One of the reasons the guidance was drafted ... is that we see that hospitals are constantly falling victim to ransomware and other types of cyberattacks," says Frenz, who chairs the AEHIS incident response committee that created the document.
AEHIS is an affiliate group of the College of Healthcare Information Management Executives, an association of healthcare CIOs and CISOs.
"We wanted to highlight why it's important for hospitals to focus on certain controls and what they can do to prepare if a nation-state cyberattack were to actually hit," he says in an interview with Information Security Media Group.
"Hospitals are critical infrastructure, and it is of key importance that the healthcare they provide continue ... in order to promote patient safety and prevent the loss of life."
The new guidance offers 17 recommendations, highlighting best practices and security controls. Those include patching, geoblocking, network segmentation and utilizing threat intelligence and multifactor authentication.
In the interview (see audio link below photo), Frenz discusses:
- The types of nation-state cyberattacks the healthcare sector needs to worry about most;
- The critical steps that healthcare entities should take to bolster their security;
- Top security priorities at his organization for this year.
Frenz is assistant vice president of information security for Interfaith Medical Center in New York, where he developed the hospital's information security program and infrastructure. Frenz has pushed for the adoption of improved security standards within hospitals and is the author of the OWASP Secure Medical Device Deployment Standard as well as the OWASP Anti-Ransomware Guide. In addition, he chairs the AEHIS incident response committee, which has released several other documents designed to help hospitals test and improve their incident response capabilities. Frenz is also the author of the computer programming books "Pro Perl Parsing" and "Visual Basic and Visual Basic .NET for Scientists and Engineers".