Q&A: Mount Sinai’s Chris Frenz on Best Practices for Zero-Trust Implementation
Healthcare organizations are continuing to digitalize their care methods and collect a greater amount of data. Because of growing attack surfaces and an increase in cybersecurity threats such as ransomware attacks, health IT leaders must adjust the way they protect their environments. Whether it’s implementing zero-trust principles or assessing cyberthreats, healthcare organizations have new concerns when building their security frameworks.
We launched a script and simulated the malware spreading through the organization. By doing the exercise, we learned quite a bit about which controls were effective, which controls didn’t work and, in some cases, how people responded to the attack, both in terms of the users and in terms of incident response.
One of the controls that stood out as really effective from doing that test was network segmentation. And the interesting thing we saw is that the network segmentation we had, which was by department, mostly of access control lists and virtual LANs, did a good job of keeping that threat contained to just that particular department.
Did you find this useful?