How Healthcare Orgs Can Protect Their Supply Chain From Cyberrhealthisks

The Cloud Security Alliance this past week released a report outlining the cyber risks faced by healthcare delivery organizations when it comes to supply chain management.

Experts from CSA explained that healthcare organizations face two main concerns:

• Risk management involving the cyber supply chain, which includes IT networks, hardware and software.
• Risk management involving the conventional supply chain.

"With the move to the cloud and edge computing, HDOs are finding it increasingly challenging to secure their infrastructure," read the report.

"Cyberattacks target HDOs and their suppliers in this expanded attack surface," it continued.  

WHY IT MATTERS  

As the report authors noted, cyberattacks can be very costly, particularly as healthcare organizations and suppliers present juicy targets for bad actors.  

And as the supply chain has become more dependent on the Internet, the risk profile has also become more complex.  

"It is incumbent on HDOs to ensure that their supply chain partners comply with data management policies and ensure the safety and security of the supply chain," said report authors.  

They explored several causes for supply chain and risk management program failure:  

1. A lack of automation, which makes keeping up with cyber threats challenging.
2. The cost and time-consumption of vendor risk-assessments.
3. Partial or full failure to deploy critical vendor-management controls and processes

"Regardless of the reason, it is imperative HDOs have an effective supply chain risk-management program to manage the process throughout the supply chain risk-assessment life cycle," said the report.

That life cycle, it continued, comprises determining criteria for supplier evaluation, assessing and treating risk, and monitoring and responding to further developments.  

"We must engage with our supply chain vendors to address tactical and systemic security performance measures necessary to achieve a satisfactory risk rating,” said the report.  

"Additionally, we must reduce our risk exposure by holding our supply chain accountable to meeting our risk management performance standards.  

"Risk feedback to vendors that is timely, relevant and actionable is a powerful motivator for supply chain vendors to do the right thing," it continued.