COVID-19: How to Adjust Business Continuity PlansCISO Christopher Frenz Describes New Guidance
The COVID-19 pandemic present new challenges to healthcare IT and security teams, including the need to reassess and adjust business continuity plans, says Christopher Frenz, who leads information security at New York's Interfaith Medical Center. He's chair of an industry committee that has developed new guidance for dealing with those challenges.
The guidance, issued on March 12 by the Association for Executives in Healthcare Information Security, an affiliate of the College of Healthcare Information Management Executives, aims to help CISOs, CIOs and their teams prepare for the impact of disease outbreaks - such as COVID-19 - on their organizations.
Need for Constant Testing
"Business continuity is something organizations should constantly test, particularly in healthcare," he says in an interview with Information Security Media Group.
"Testing your backup and disaster recovery plans is something we should always be doing. But at a time like this where we're seeing an upswing in malware attacks against hospitals related to coronavirus, and you're going to have influxes of patients ... that puts additional stresses on systems. So it's definitely a good idea to test and verify that all this stuff works ahead of time," he says.
"My immediate concern is ensuring that employees are adequately cross trained because if you do have employees call in sick, you have to ensure you can fill whatever skill gap exists. That's a problem for many of the smaller hospitals that have an IT department that consists of only a handful of people. An outage of critical knowledge could be a real problem."
In the interview (see audio link below photo), Frenz also discusses other topics highlighted in the guidance, including:
- Potential IT and information security supply chain issues during the COVID-19 crisis;
- Privacy and security risks involving expanded telehealth services to remotely care for patients during the outbreak;
- Shifting IT security priorities during the global health crisis.
Frenz is assistant vice president of information security for Interfaith Medical Center in Brooklyn, New York, where he developed the hospital's information security program and infrastructure. Frenz is the author of the OWASP Secure Medical Device Deployment Standard as well as the OWASP Anti-Ransomware Guide. In addition, he chairs the AEHIS incident response committee, which in addition to the latest guidance about response to outbreaks, has released several documents designed to help hospitals test and improve their incident response capabilities. Frenz is also the author of the computer programming books "Pro Perl Parsing" and "Visual Basic and Visual Basic .NET for Scientists and Engineers."