TRENDING:

Business Continuity Management / Disaster Recovery , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Nation-State Attacks: Why Healthcare Must Prepare

Errol Weiss of H-ISAC Outlines Critical Steps in Wake of Iran Tensions Marianne Kolbasuk McGee (HealthInfoSec) • January 8, 2020     10 Minutes   
Nation-State Attacks: Why Healthcare Must Prepare
Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center

As tensions between the U.S. and Iran continue to rise, healthcare organizations need to exercise extra vigilance in shoring up their security to defend against potential Iranian cyberattacks on critical infrastructure sectors, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.

On Tuesday, Iran waged missile strikes against bases in Iraq housing American troops in retaliation for a U.S. drone attack last week that killed Iranian Major General Qasem Soleimani. But security experts and U.S. government agencies warn cyberattacks could be looming as well.

"H-ISAC is providing awareness to our members to really take a cautious view of what is happening with the escalating tensions," Weiss says in an interview with Information Security Media Group. "As we know, Iran has had a propensity to target their adversaries and launch various [cyber] campaigns. So we have a lot of history we can look upon."

For example, destructive "wiper" attacks were carried out by Iran against Saudi Aramco computers in 2012 and the Las Vegas Sands casino in 2014, as well as a long series of distributed denial-of-service attacks on U.S. banks in 2012 and 2013.

"There are certainly occurrences where the healthcare sector has had collateral damage from attacks that Iran launched at other targets," Weiss notes.

Critical Steps

To prepare for potential nation-state attacks, he says, healthcare organizations should assess their back-ups, practice incident response, ensure that business continuity plans are in place, conduct vulnerability scanning and apply updated patches.

"It really comes down to ... making sure that organizations are taking the right steps to ensure their networks are secure ... and they're not an easy target."

In the interview (see audio link below photo), Weiss also discusses:

  • Ransomware and other top cyber threats facing the healthcare sector;
  • Lessons from how the financial sector dealt with earlier DDoS attacks;
  • Other critical cybersecurity steps healthcare organizations should take in the wake of escalating nation-state threats.

Weiss, who joined the Health Information Sharing and Analysis Center as CSO in 2019, has more than 25 years of experience in information security. He's co-chair of a task group of the Healthcare and Public Health Sector Coordinating Council, a public/private collaborative for improving cybersecurity in the healthcare sector. The task group developed guidance last year to help the healthcare industry participate in cyber information sharing. Previously, Weiss worked at the National Security Agency, conducting vulnerability analyses of highly classified U.S. government systems. He also created and ran Citi's cyber intelligence center and was a senior vice president with Bank of America's global information security team.

Previous
Preparing for Potential Iranian 'Wiper' Attacks
Next
Reality Check: How Vulnerable Is the Power Grid?



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.