When we hear about cybersecurity threats in healthcare, thoughts typically jump to patient safety, patient records confidentiality, or general healthcare facility/entity operations; however, what happens if the cybersecurity threat is related to the healthcare supply chain?
This interactive graphic, made by the Washington Post and Siemens, demonstrates the cybersecurity impacts on two pieces of critical infrastructure: a power station and a manufacturing plant. These plants are crucial for healthcare facilities and organizations to function effectively with enough power and materials. An attack on a power plant can represent a minimal disruption of services or a critical disruption with regional or statewide consequences, as was witnessed during the Northeast blackout of 2003. An attack on a manufacturing plant can represent the same range of service disruption or, in the example posed by the Washington Post, it could present a major Mass Casualty Incident and HAZMAT situation, both of which could substantially impact nearby healthcare entities on a multitude of levels (Washington Post Brand Studio & Siemens, 2017).
Beyond vendors of physical products, there are cyber vendors whose compromise may also put healthcare services at risk. A multitude of companies provide Software as a Service (SaaS), Infrastructure as a Service (IaaS), or Platform as a Service (PaaS) to support the functions of healthcare entities. SaaS, IaaS, and PaaS providers may be key to your organization's communications infrastructure or may provide a specialized service that allows the documentation of patient information.
Knowing your vendors, knowing their security protocols, and having the willingness to share information are all ways for multi-sector supply chains to communicate and work effectively together (United States Department of Energy, n.d.). Understanding cyber risks to the supply chain can better prepare healthcare entities to face a loss of power supply or the potential of delay or non-delivery of essential supplies.
At the end of the day, creating an all-hazards and up-to-date cybersecurity program is paramount to healthcare continuity. Protection of supply chains requires a high degree of coordination and collaboration between all vendors and requires investing in new tools and best practices (Weintraub & Borenstein, 2017). It is also paramount for healthcare entities to look beyond the niche areas of cybersecurity (i.e., patient records) and take a holistic approach to cybersecurity risk (Weintraub & Borenstein, 2017).
United States Department of Energy. (n.d.). Energy Sector Cybersecurity Preparedness. Retrieved August 14, 2017, from https://energy.gov/oe/energy-sector-cybersecurity-preparedness-0
Washington Post Brand Studio, & Siemens. (2017, August 08). Defending against a cyber attack. Retrieved August 14, 2017, from http://www.washingtonpost.com/sf/brand-connect/siemens/cyber-defense/#/
Weintraub, R., & Borenstein, J. (2017, July 07). 11 Things the Health Care Sector Must Do to Improve Cybersecurity. Retrieved August 14, 2017, from https://hbr.org/2017/06/11-things-the-health-care-sector-must-do-to-improve-cybersecurity