The recent SolarWinds breach has made supply chain and third-party risk a widespread topic of discussion. Every organization is dependent upon a network of third-party vendors, software developers, suppliers, etc.
These external entities that an organization relies upon introduce new risks to corporate cybersecurity and the organization’s ability to do business. A ransomware attack on a critical supplier’s network could render an organization incapable of doing business. Or, as in the case of SolarWinds, a trusted piece of software could be compromised and used as an entry vector into an organization’s network and systems.
Third-party and supply chain risk are problems shared by organizations in every industry vertical. However, for organizations that are critical infrastructure or are currently a major target of cyberattacks—such as the healthcare industry—an understanding of third-party risk and how to manage it is critical to cybersecurity.
Supply Chain Risk and the Healthcare Sector
Healthcare is critical infrastructure, especially during the COVID-19 pandemic. This has made it a major focus of cybercriminals in 2020, which exacerbates the cybersecurity challenges that the industry consistently faces. In addition, healthcare organizations are uniquely vulnerable to supply chain and third-party risk.
Most healthcare providers are extremely dependent upon modern technology. A ransomware infection on an MRI machine could delay a critical diagnosis, and compromise of Internet-connected medical devices could cause a breach of sensitive medical data or, in the case of Internet-connected pacemakers, medication dispensers, etc., injury or death.
Identifying and managing supply chain risk is critical in healthcare. Otherwise, hospitals run the risk of being incapable of providing critical care due to a cyberattack, as occurred multiple times during 2020.
Supply Chain Risk and COVID-19
It is commonly known that the Pfizer/BioNTech vaccine requires a sophisticated “cold chain” to keep it viable during distribution. The vaccine needs to be kept at -70 degrees Celsius throughout the distribution process.
This requirement for a “cold chain” creates significant supply chain vulnerabilities for the vaccine. IBM has reported that it detected efforts to potentially disrupt this supply chain by targeting transport companies, manufacturers of solar panels for transport vehicles, and dry ice distributors. Had the attack been successful, it could have disrupted the distribution of the vaccine, inhibiting affected countries’ efforts to bring the COVID-19 pandemic under control.
How MorganFranklin Can Help
Protecting healthcare and other organizations against cyber threats requires a complete understanding of the company’s third-party dependencies and the potential risk that they carry. For organizations with complex vendor and supplier networks, mapping out these relationships can be difficult.
MorganFranklin has expertise in evaluating third-party risk and guiding organizations through analysis of supply chain vulnerabilities. MorganFranklin experts can provide insight on how to structure the vulnerability discovery process, which tools to use, and how to take action to minimize risk based upon the results of the analysis.