This is the first blog of a three-part series.
Controlling the Uncontrollable
PART ONE: HEALTHCARE SUPPLY CHAIN CYBERSECURITY
Supply chain leaders generally have a good handle on their operations internally, but there are external forces that impact them. From natural disasters to geopolitical tensions, these forces are tough to control. However, they can be managed by putting smart plans in place. In the first of our three-part blog on controlling the uncontrollable, we are focusing on healthcare supply chain cybersecurity.
Cybersecurity is a major concern for businesses, and the healthcare industry is no exception. Healthcare remains highly targeted by cybercriminals and is the most costly industry for breaches among all sectors. According to IBM’s 2022 Cost of a Data Breach report, the average cost of a breach in healthcare is $10.10M—a 42% increase since 2020.
According to an independent survey by the Ponemon Institute of 641 IT and IT Security practitioners in healthcare:
- 89% had at least one cyberattack over the past 12 months
- $1.1M was the average cost of lost productivity
- 67% said a cyberattack disrupted patient care
- 23% reported an increase in the mortality rate
Why is this happening?
On average, health organizations have more than 26,000 network-connected devices. So just one healthcare supply chain cybersecurity breach is a system-wide problem.
- Attackers can insert malicious software into a vendor’s code. When the healthcare client (who generally has thousands of vendors) downloads that software, the attacker gains access to the entire network.
- Ransomware attacks against workforce management companies can disrupt payroll processes, transcription services, and imaging systems, and can expose confidential patient and donor information.
- Health systems face risks from many types of vendors (food suppliers, medical device manufacturers, pharmaceuticals, surgical and safety equipment, and lab systems), all of which can quickly degrade the quality of care.
Technology is why cyber attackers can get into a health system, but it’s also the solution to keeping them out. By using software that monitors every vendor in the health system, supply chain leaders can stop cyberattacks in their tracks.
Where to begin
According to an article in HealthTech Magazine, there are three actions health systems can take to strengthen their security:
TAKE AN UP-TO-DATE INVENTORY OF ALL VENDORS AND SUPPLIERS
Supply Chain Managers should know all the contracts the organization has signed, and should have an acquisition policy in place that mandates healthcare supply chain cybersecurity, compliance, and other reviews before signing new vendors.
ESTABLISH A THIRD-PARTY RISK-MANAGEMENT PROGRAM
To reduce risk, a detailed assessment should be conducted during the initial evaluation of all potential suppliers and partners. If the vendor can’t meet the requirements, find one who can. If an exception must be made, controls should be put in place to monitor and manage the vendor’s cybersecurity shortfalls.
CONDUCT ONGOING REVIEWS OF VENDORS
Time-consuming? Yes, if done alone. But ongoing review and evaluation of vendors become much easier when health systems work with a company like VPL. We continually monitor the performance of all vendors in the hospital’s ecosystem.
Enhancing healthcare supply chain cybersecurity
As health systems grow ever larger and depend more on third-party suppliers, this problem isn’t going away anytime soon… if ever. But by working with a partner like VPL, supply chain leaders can keep better tabs on all the vendors and suppliers in the health organization’s ecosystem and prevent breaches before they happen.
Another great reason to work with VPL: we recently completed a System and Organization Controls (SOC) 2 Type 2 audit. This designation is an independent analysis of data security and allows us to seamlessly navigate security questions during the hospital and pharmacy onboarding process.
Because we offer cloud-based solutions to support visibility, cost savings, and performance improvement for supply chains and outpatient pharmacies, it’s important to be able to assure our clients that their data is protected. With our SOC 2 Type 2 certification, we’re able to ensure sensitive information is handled with the strictest security.
Learn more about how VPL can help you tackle healthcare supply chain cybersecurity challenges at www.getvpl.com.