In 2022, Gartner estimated that by 2025, 45% of organisations will have experienced a supply- chain cyber-attack – a prediction that unfortunately appears to be coming to fruition. This year, however, presents an even more dangerous landscape, particularly for organisations operating critical national infrastructure, such as healthcare providers. With over 50 countries running high stakes elections in 2024, the potential for severe disruption has never been higher. Threat actors will be looking to take advantage of poorly protected CNIs with sprawling supply chains to work their way into governmental networks and wreak havoc, and healthcare organisations are a perfect entry point.
The perfect target
Healthcare organisations often struggle with time and resource constraints, leading many to outsource services such as HR, payroll, and cleaning services. This creates a sprawling ecosystem of partners, each representing a potential entry point for an attack. On top of this, healthcare organisations are almost always connected to third-party pharmaceutical suppliers, academic institutions, and software vendors – creating a complex network of players outside of the organisation’s control.
Additionally, healthcare relies heavily on operational technology (OT) for many critical functions. Due to its size and value, OT often has a very long lifespan, hindering the possibility for newer operating systems to come into play. This makes it extremely difficult, sometimes nearly impossible, to implement critical software updates, opening a backdoor for cybercriminals to exploit these outdated systems.
The allure for cybercriminals is clear – a single breach can grant them access to multiple organisations within the supply chain, opening the door to every other organisation in the supply chain. This foothold allows them to disrupt operations, steal sensitive patient data, and with many healthcare organisations having a direct connection to government networks, such as the NHS, this gives threat actors the opportunity to move across the supply chain to the bigger players. The potential ROI is simply too high for bad actors ignore, especially in an election year when causing major disruptions might be particularly appealing.
Risk evaluation & communication are key
The key for healthcare organisations lies in proactive security measures. These involve taking a long term approach to security by evaluating their supply chain partners and the threat landscape to develop a comprehensive strategy that focuses on preventing breaches before they occur.
Architectural best practices: It starts with your own network
Network architecture plays a vital role in minimising risk, so organisations must make sure they are working with secure networks before any improvements to their supply chain security can be done. Methods such as implementing strong authentication protocols to ensure only authorised users can access sensitive data and systems, isolating critical systems to prevent a breach in one area compromising the entire network, and prioritising ongoing patch management, are basic strategies that can go a long way in terms of risk mitigation. These measures ensure that systems are kept up to date and secure, closing any loopholes for cyberattacks.
Supplier Vetting: You’re only as strong as your weakest link
Supplier cybersecurity posture should never be taken at face value. Every organisation, especially CNIs should conduct comprehensive risk assessments when onboarding new players in their supply-chains. Evaluating security strategies and adherence to best practices is a great place to start, but organisations can go even further by evaluating alignment with standards such as ISO 27001 and NIST 2.0. Compliance with these internationally recognised certifications demonstrates a commitment to robust security protocols, giving organisations peace of mind that the partner they’re recruiting will not become a weak link for threat actors to exploit. But vetting shouldn’t stop after the initial assessment – regular audits of all partners is essential in identifying any new vulnerabilities and to ensure the entire supply chain remains secure.
Third Party Risk Management: Communication is key
A well-defined and agreed upon risk management programme can be a lifesaver for everyone with a link to the supply chain. It is in every organisation’s best interests to be as secure as possible, so partners should be disclosing any new or potential vulnerabilities they discover with
all key players. Having a risk mitigation plan that launches into action across the whole supply chain should a vulnerability or breach be discovered would significantly decrease the likelihood of any sensitive data being compromised, as well as block threat actors from moving across the supply chain and infiltrating other networks.
Find the threats at their source
The next, and possibly newest, approach to proactive security is dark web monitoring. Stolen data is often offered for sale on the dark web, an environment where cybercriminals can communicate anonymously. By tapping into dark web intelligence, organisations can stay one step ahead of threat actors, getting an upper hand on both breach prevention and data recovery. Some benefits to dark web monitoring include:
- Data Collection: Dark web monitoring can reveal data breaches that may not have been
made public yet, allowing organisations to take the necessary steps to protect
themselves. This may include launching their incident response plan earlier than normal
and notifying potentially affected individuals or organisations within their supply chain. - Supply Chain Security Monitoring: Proactive monitoring can identify compromised
suppliers within the organisation’s network before the breach is disclosed. Once again,
allowing for quick mitigation efforts, significantly reducing the impact of the breach. - Incident Response: Data collected from the dark web can inform incident response
strategies, by helping organisations understand the nature of the breach, allowing for
evaluation of the scope of the response that is necessary. In a similar light, it can allow
organisations to verify the veracity of the threat. Bad actors will often overstate the
amount of data they’ve stolen to pressure organisations into complying with their
demands. Dark web monitoring allows organisations to investigate their claims and gain
a clearer picture of the actual situation.
In a high stakes year such as this, breaches are inevitable, but organisations can significantly reduce their risk by taking on proactive measures to secure themselves and their supply chains. It is no longer about ‘if’ they suffer a breach, it’s about ‘when’ they suffer a breach, so preparation is crucial.
