Supply Chain and IoT Risks Plaguing Healthcare Industry

By Apac CIO Outlook | Monday, December 03, 2018

Technology is the catalyst to the success of modern healthcare. While technology has broadened the scope of healthcare to a point where it can now cure several illnesses which were untreatable till this day, cybersecurity challenges remain the major concern for the healthcare industry. The healthcare sector is spending a significant share of its revenue on security products and services, and according to a research by Cybersecurity Ventures, it is estimated that the global healthcare will be spending over $65 billion by 2023. Though the increased expenses may not positively change the outcome, the need of the hour warrants protecting the confidential medical data, software as well as the medical equipment from being tampered from potential threats emanating from supply chain and IoT security breaches.

The latest threat by attack vectors, including WannaCry, has exposed the vulnerability of the supply chain structure to security breaches. Imagine a medical device hardware or even software being tampered during its production at the manufacturing plant. If a healthcare company would not be able to ascertain the risk, the equipment’s data—including medical imaging reports will be hacked and exploited as long as it is on the medical network. According to a Trend Micro report, the critical areas where the industry poses high risks comprise of distribution centers, suppliers, health app developers and outdated firmware.

On the other hand, IoT is also making its way to the list of other advanced technologies posing major cybersecurity challenges in the industry. According to the same research report, Shodan—an IoT-enabled device was able to discover and track the connected medical devices while being vulnerable to potential security risks. The healthcare unit may erroneously configure their IT infrastructure with Internet as the medium for connectivity and for remote troubleshooting, making the entire infrastructure vulnerable to attackers.

In order to keep check of potential threats, the healthcare enterprises must make new policies for setting standards to pass the medical devices and equipment with basic security checks. Moreover, the enterprises must persuade their vendors to adhere to similar security standards and ensure the devices are manufactured with security being central to the process.