Topic: Supply Chain Risks in Healthcare: Time to Increase Security

The theme for National Cybersecurity Initiative‘s annual Cybersecurity Awareness Month for 2020 is Do Your Part #BeCyberSmart. For the healthcare sector, this means shedding light on the importance of securing data since the emergence of telemedicine, web-connected medical devices and third-party companies in the supply chain. These new business developments are complicating the task of healthcare organizations securing their patients’ protected health information (PHI).

Knowing the risks and digital defenses are more important than ever in the medical industry, particularly in the case of cybersecurity supply chain risks.

Supply Chain Risks: What’s at Stake?

Medical groups have many reasons to make responding to supply chain risks a key part of their work. If a malicious actor’s supply chain attack succeeded in accessing stored PHI or putting it at risk, an affected group could find itself in breach of The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Penalties for breaking HIPAA aren’t cheap.

According to Compliancy Group, organizations could face a monetary penalty ranging between $100 and $50,000 per violation or breached record, with the maximum amount of damages not to exceed $1.5 million per year, per violation. These penalties are so high because of the inherent risks involved with compromised PHI, as personal health information often sells up to three times the amount of standard personally identifiable information (PII) on the dark web.

This price partly reflects that people can’t change their health issues like they would a password. Their medical records tend to stay with them, thereby providing digital criminals with a well of knowledge for conducting extortion attacks or other malicious actions.

Supply Chain Cybersecurity Attacks

According to Benzinga, the supply chain market will reach more than $2 billion by 2025 — up from $1.8 billion in 2019.

However, the healthcare supply chain still comes with challenges. Malicious actors could tamper with products at a shipping center before they ever reach healthcare customers, for instance. From the other direction, digital attackers could prey upon openings within a supplier’s network, a mobile healthcare app or a product’s outdated firmware to make their way through the supply chain. From there, they can get access to a healthcare entity and steal its stored PHI.

Are Your Vendors on the Same Page?
Healthcare groups need to work more directly with their vendors to cut down on supply chain risks. They should consider requiring that every vendor, partner and supplier implements security controls to help minimize risks confronting their networks and products. Toward that end, organizations can begin by following the advice of the Healthcare & Public Health Sector Coordinating Councils. First, build an inventory of suppliers. Then, order these entities based upon their importance to the business and to what extent a supply chain attack could disrupt normal work.

Topic Discussed: Supply Chain Risks in Healthcare: Time to Increase Security

Read Original Article