Security Leaders List 17 Recommended Controls to Mitigate Cyberattack Risks

ANN ARBOR, MI, Jan. 8, 2020 – To address concerns about an escalation in attempted cyberattacks sponsored by nation states, the Association for Executives in Healthcare Information Security (AEHIS) has published a list of recommended controls designed to mitigate risk. The guide was written by the AEHIS Incident Response Committee and is available to the public.
 
The document, titled “Healthcare Sector Preparations for the Threat of Nation State Sponsored Cyberattacks Against Critical Infrastructure” lists 17 security controls a healthcare organization can implement to strengthen its cybersecurity posture. The recommended controls augment industry standard best practices.
 
“If an organization is not already in line with industry standard best practices, coming up to par on those first may very well serve that particular organization better,” the authors wrote. “What this guide is intended to do is highlight controls that can be used to supplement industry standard practices and highlight controls that may be especially helpful in helping organizations mitigate the potential damage a nation state-sponsored cyberattack could do to a healthcare organization. The guidance is implemented in the form of a top list of things to do to help mitigate such attacks.” 
 
The recommended controls, followed by concise descriptions, are:
  • Patching
  • Verify Disaster Recovery and Business Continuity Plans
  • Geoblocking
  • Security Information and Event Management Alerts
  • Threat Intelligence
  • Network Segmentation
  • Audit Publicly Exposed Assets and Services
  • Continuous Network Discovery
  • Incident Response Planning and Testing
  • Sandboxes
  • Application Whitelisting
  • DNS Sinkholing
  • Two-factor Authentication
  • Local Administrator Password Solution
  • Deception
  • Enterprise Detection and Response
  • Security Education
 
AEHIS is an affiliate of the College of Healthcare Information Management Executives (CHIME). AEHIS and CHIME encourage healthcare information security and IT executives to download this resource, which is available on the AEHIS website at aehis.org/ciso-resources/or by clicking here.
 
About AEHIS
The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 to provide an education and networking platform to healthcare’s senior IT security leaders. With nearly 900 members, AEHIS is advancing the role of the chief information security officer (CISO) through education, collaboration, exchange of best practices and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit aehis.org
 
About CHIME
The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs), chief innovation officers (CIOs), chief digital officers (CDOs) and other senior healthcare IT leaders. With more than 3,200 members in 56 countries and over 150 healthcare IT business partners and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and care in the communities they serve. For more information, please visit chimecentral.org.
 
Contact
Candace Stuart
Director of Communications and Public Relations, CHIME
734.665.0000