Heath Renfrow

Co-founder at Fenix24 and 1 other company

On the record

Share profile

Link:

#CyberSecurityStrategy #AWS #CriticalInfrastructureSecurity #DataProtection #NetworkOperations #SecurityArchitecture #RiskManagement #CyberIntelligence #DataLoss #FraudPrevention #ProjectManagement #InformationTechnology #CISSP #CertifiedEthicalHacker #CertifiedNetworkDefenseArchitect #CertifiedSCADASecurityArchitect

Bio

Edit

Heath Renfrow, is widely regarded as one of the world’s leading cyber security experts. He has more than two decades of experience as a high-level information security specialist, much of it as a chief information security officer (CISO) in the United States Department of Defense, where he addressed some of the nation’s most significant cyber challenges. In 2017 he was named Global CISO of the Year by EC-Council, the largest cyber- training organization in the world.

Employment

Conversant Group (https://www.conversantgroup.com/)
Chief Information Security Officer / Managing Partner of Fenix24
Fenix24 (https://fenix24.com/)
Co-founder
started Apr 2022

Media

Maryland officials confirm ransomware attack shut down Department of Health | ZDNet

Health officials said they have to figure out COVID-19 statistics by hand because of the attack.

Article
Health sector should be worried about Russian cyberattacks

The threat is real, says Heath Renfrow, chief information security officer at Conversant Group. Healthcare organizations generally aren’t where they need to be when it comes to cybersecurity.

Article
Ransomware spurs weeks, months of IT downtime

Many hospitals use disaster plans created for other crises, like technical failures and storms, that don't capture the scope of cyberattacks.

Article

Recent Quotes

If the MD Health Department had truly been alerted to the intrusion when it occurred, then their systems should not have been encrypted. I would guess that they were taken offline after the successful encryption of most of their systems and that the encryption stage had already completed what it needed to complete.

I would be curious if outside breach counsel has been engaged for this incident, and what the ultimate results of the Data Forensics Incident Response results will show (how the threat actors gained access, what sensitive data could they have touched, and if data was exfiltrated). Health and Human Services Office of Civil Rights will most likely have to be notified of potential Health Insurance Portability and Accountability Act (HIPAA) violations, and possibly notifications sent to the victims of the potential exposure of their personal health information.

Headshots

Heath Renfrow | Source | Co-founder at Fenix24

Heath Renfrow

Conversant Group (https://www.conversantgroup.com/)

Fenix24 (https://fenix24.com/)

Maryland officials confirm ransomware attack shut down Department of Health | ZDNet

Health sector should be worried about Russian cyberattacks

Ransomware spurs weeks, months of IT downtime