Healthcare Providers Cannot Evaluate and Mitigate Supply Chain Risks

Healthcare providers may have numerous cybersecurity measures in place to protect their systems and stop direct attacks by threat actors. However, they face substantial challenges when protecting the supply chain. Healthcare providers employ vendors to deliver services that can't be managed in-house, and although these vendors deliver essential services, they also introduce risks that must be managed effectively. Vendors frequently need privileged access to systems to do their work, meaning an attack on a vendor could enable a threat actor to gain access to a healthcare provider's systems through the back door.

Cybercriminals are increasingly attacking healthcare vendors because they are a particularly vulnerable part of the supply chain. In 2022, many of the biggest documented healthcare data breaches involved vendors.

  • Shields Health Care Group, a medical imaging services provider to over 50 healthcare centers, suffered a breach involving over 2 million records.
  • Professional Finance Company, a debt collection service provider to healthcare providers, suffered a breach that affected many of its clients and compromised the information of 1.91 million individuals.
  • Eye Care Leaders, an electronic medical record vendor, suffered an attack that affected around 41 eye care companies and over 3.6 million patients.

Though efforts to protect healthcare systems from direct attacks must continue, prompt action is necessary to protect the supply chain.

A new survey carried out by the Ponemon Institute for the Healthcare and Public Health Sector Coordinating Councils (HSCC) looked into the current state of supply chain risk in healthcare and confirmed that a great deal remains to be done, with numerous healthcare providers found to have substantial difficulty securing their supply chains. The survey, conducted on 400 U.S. healthcare companies, confirmed that there are still substantial capability and budget gaps between large and small healthcare companies when it comes to managing and reducing supply chain risk, yet companies of all sizes are failing at the basics of supply chain risk management.

To accurately assess and manage risk, healthcare companies need a complete inventory of all the vendors they use. The survey showed that just 20% of the 400 surveyed companies had a complete inventory of their vendors, with smaller healthcare companies three times more likely to have no inventory whatsoever. One common approach is for healthcare companies to focus their supply chain risk management programs on new vendors as they are onboarded while failing to evaluate and manage risk for their existing vendors, which was the case for nearly half (46%) of surveyed companies. 35% of surveyed companies weren't considering supplier risks associated with patient outcomes, with smaller healthcare companies twice as likely as larger companies to have this gap. Only 41% of companies had integrated their cyber risk programs with their purchasing and contracting teams. Smaller healthcare companies lack the budget to properly manage supply chain risk, with 57% of smaller companies having supply chain risk management budgets of $500,000 or less, as opposed to 5% of big companies that had supply chain risk management budgets of around $1 million to $5 million.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) includes supply chain risk management practices that could, and should, be followed, yet doing so can be a challenge for small- and medium-sized healthcare companies. To make supply chain risk management easier, the HSCC has adapted this reference and created a free toolkit (HICSCRiM) specifically for small to medium-sized healthcare companies, which normally have more limited resources for managing supply chain risk.

Ed Gaudet, CEO and Founder of Censinet as well as HSCC Supply Chain Cybersecurity Task Group member, said the healthcare supply chain group is under a growing amount of pressure to move immediately while dealing with a lot of risks throughout the purchase process. As cyberattacks such as ransomware become more advanced, this survey emphasizes the immediate requirement for automation and useful risk ideas to help supply chain frontrunners efficiently handle inventory, fraudulence, cyber risk, and supplier redundancy.