Endpoint Security , Governance & Risk Management , Internet of Things Security

Addressing IoT, OT Security Risks in Healthcare

Chris Frenz of Mount Sinai South Nassau on Emerging Cyber Challenges
Chris Frenz, assistant vice president of IT security, Mount Sinai South Nassau

OT and IoT devices can pose patient safety concerns in healthcare environments, says Chris Frenz, an IT security leader of Mount Sinai South Nassau, a 455-bed teaching hospital in New York.

See Also: Improving OT and IoT Security for Substations and Power Grids

"There's a ton of IoT devices and OT equipment within a hospital, and a lot of those can impact patient care," Frenz says in a video interview with Information Security Media Group.

"People often think of IoT devices as security cameras and things like that - and hospitals do have challenges keeping those secure," he says. "But there is also a lot of OT equipment, such as things that control your HVAC systems or pressure sensors in various rooms … like isolation rooms, to keep either negative or positive pressure, depending on the patient's condition.

"If that pressure isn't kept at the appropriate level because it becomes malware-infected or the system goes down due to a ransomware attack, that has patient safety, as well as employee safety, risks," says Frenz, who is a speaker at the Healthcare Information and Management Systems Society 2021 conference in Las Vegas this week.

In this video interview, Frenz also discusses:

  • Reducing security risks for legacy medical devices;
  • Security incidents involving critical supply chain partners;
  • His organization's top security projects and priorities in the months ahead.

Before joining Mount Sinai South Nassau last year, Frenz was CISO at Interfaith Medical Center in Brooklyn. He has applied the "zero trust" model in healthcare and worked on medical device security.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.