4 Cybersecurity Risks Healthcare Providers Face With Their Vendors

Joel Alcon | August 15, 2017 | tag: Vendor Risk Management

If you’re involved in a healthcare-based organization, you’ve likely noticed the push for stronger vendor security and vendor risk management (VRM) practices. There are a few reasons for this.

First, medical data and personal patient information is migrating to the digital world, opening up the potential for cyber crime. Second, cyber attacks and cybersecurity risks in healthcare are continuing to grow in complexity, and cyber criminals may steal data or ensure the organization cannot access said data until a ransom is paid. And finally, the regulatory landscape is evolving, so if a vendor compromises or mishandles patient data, you could see major regulatory consequences.

With that in mind, consider these four cybersecurity risks healthcare providers face in relation to their vendors and third parties — as well as a look at why they’re so critical.

1. Outdated Endpoints

Healthcare providers work with a wide range of vendors — from those in HR to medical device providers to insurance companies. With this diverse vendor ecosystem, it’s critical to remember that some of your third parties could be accessing your network and sensitive data through outdated endpoints (i.e. computers, laptops, mobile devices, tablets, etc.). If any of your vendors allow individuals to connect to your network on a device running old software — or taking part in risky cyber behavior via that endpoint — you could expose your organization to vulnerabilities.

2. Outdated Medical Devices

Medical devices may not be top-of-mind where cybersecurity is concerned, but they should be. For example, even if you’ve transitioned away from a legacy operating system, your medical equipment — say, an X-Ray machine — may still have that legacy OS embedded. If that OS becomes infected with a worm, it has the potential to threaten your entire network.

Interestingly, we’ve been seeing more medical device manufacturers beginning to use security as way to differentiate themselves in the marketplace, signaling a shift in the way medical third parties are thinking about cybersecurity in healthcare.

3. Ransomware

Ransomware poses one of the most daunting security risks for healthcare organizations. This is a common problem in the healthcare industry, possibly due to the time-sensitive nature of the data used in healthcare facilities. The success of a ransomware attack depends almost solely on how desperately the data is needed. So if an attack hits a hospital and the data isn’t accessible another way, some are willing to pay to regain access. As a result, it is important for healthcare organizations to continuously monitor their third parties and assess whether access to their network could introduce vulnerabilities (which could, in turn, lead to ransomware and other disruptive cyber attacks).

4. Reputational Harm

Consider this: As a hospital, if you send patient samples to a lab for analysis and that lab experiences a breach, your patients’ data — including their names, medical record numbers, test results, and other personally-identifiable information (PII) — could be at risk. If your organization is not actively monitoring vendors to ensure they take proper security precautions, you could be putting your patients’ data in a precarious situation and risking damage to your hospital’s reputation in the process.

The four risks listed above are only a few of the reasons why vendor risk management is taking center stage in discussions about cybersecurity in healthcare. Download this ebook to learn about three elements that will help your hospital or healthcare facility create a rock-solid vendor risk management program. Additionally, you’ll read more about the benefits and importance of using the most up-to-date cybersecurity tools to monitor your vendors.

 

Suggested Posts

BitSight Integrates With ServiceNow to Reduce Risk Throughout Vendor Management Programs

Organizations rely on third-parties to keep competitive in the marketplace. The EY global third-party risk management survey highlights that in 2019–20, over 33% of the 246 global companies surveyed were managing and monitoring...

READ MORE »

5 Best Practices for Conducting Cyber Security Assessments

Third parties are essential to helping your business grow and stay competitive. But if you’re not careful, your trusted partnerships can introduce unwanted cyber risk and overhead into your organization.

READ MORE »

5 Tips to Improve Cyber Security Monitoring of Your Vendors

What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization, to not knowing which vendors might be impacted by...

READ MORE »

Get the Weekly Cybersecurity Newsletter.