Incident Response Insights from US Army Medicine CISOHeath Renfrow Sizes Up What Went Wrong in Wake of Equifax Breach
The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine.
"Your public relations response is just as key as anything when you're dealing with incident response," Renfrow says in an interview with Information Security Media Group. "You've found the flaw. You've brought in a team. You need to have a strong public relations response to save face with your customers and to win back their confidence in the long run."
Equifax faced harsh criticism for its PR missteps after its massive data breach, including its lengthy delay in revealing the breach and the tweeting of information to customers that mistakenly sent them to a phishing site.
Importance of Testing
U.S. Army Medicine, the nation's second largest healthcare provider, conducts frequent live drills to simulate potential security incidents, Renfrow explains.
"We have [equipment ready] to be able to take our hospitals offline and run a true incident response if we lose power for some reason, or if our HVAC system goes down, or a hacker gets in. We're ready to respond, with our team ready to provide healthcare."
In the interview (see audio link below photo), Renfrow also discusses:
- Why third-party vendor relationships should be included in incident response plans;
- How the global political landscape is affecting the Army's incident response plans for a hospital in South Korea; and
- How crisis communications are broken down by team and region.
Renfrow oversees cybersecurity globally for U.S. Army Medicine, which runs 48 hospitals, 622 health clinics and 122 dental clinics. Previously, he served as security chief at several other U.S. defense organizations.