Preventing 'Rogue Device' Attacks: A Case StudyBaptist Health CISO Michael Erickson on Critical Components of Layered Zero Trust
Preventing rogue device attacks is a critical component of Baptist Health's zero trust strategy, says Michael Erickson, CISO of the healthcare delivery system, which operates nine hospitals and other care facilities in Kentucky and Indiana.
"A rogue device is any kind of unauthorized digital device that comes into contact with our environment," Erickson says in an interview with Information Security Media Group.
"Like most organizations, we're always looking for new layers of defense. We also follow the innovation cycles of penetration testers and advanced penetration tools.
"We've been seeing an increase in the number of low-cost and highly effective tools in that market that are designed to look like benign peripheral devices so they are very easy to use for simulated intrusions. We believe it's also possible for threat actors to use those tools," he says.
To help defend against these kinds of attacks, Baptist Health is working with security vendor Sepio Systems, which is providing an extra layer of hardware access controls, Erickson says.
He says the Sepio solution that Baptist has deployed "helps us to monitor the existence of devices down to the peripheral level, including mice and keyboards and wireless devices. It's helping us increase our visibility, including the network."
In the interview (see audio link below photo), Erickson also discusses:
- Safeguarding and monitoring medical devices;
- Security challenges involving the ongoing COVID-19 pandemic;
- Other components of Baptist Health's zero trust approach.
Erickson is CISO of Louisville, Kentucky-based Baptist Health, a role he has held since 2016. Erickson joined Baptist Health, which has nine hospitals and more than 400 points of care, in January 1995. He was named system director of IT infrastructure and HIPAA security officer in 2005. Erickson is a member of the Kentucky chapter of InfraGard, a nonprofit organization that serves as a public-private partnership between U.S. businesses and the FBI, and he is a graduate of the FBI's Citizens Academy.