Be Vigilant: A Look at Supply Chain Fraud in Healthcare

According to a survey by Proofpoint, the average healthcare organization received about 200,000 emails from over 10,000 different 3rd party domains.  When you consider the thousands of vendors and suppliers that work with a healthcare organization, this isn’t a big surprise.  However, the survey also found that 97% received threats from at least one of their suppliers’ domains via impersonation or business email compromise.  That’s a disconcerting proposition.

In a recent virtual meetup, we dove into this problem with the following experts:

  • Chris Baldwin, Chief Information Security Officer at Hartford HealthCare
  • Judy Hatchett, VP, Information Security & CISO at Surescripts
  • Ryan Witt, Managing Director, Industry Solutions Group and Resident Healthcare CISO at Proofpoint

While we all know that the pace of attacks is accelerating in healthcare, we also have to recognize that attacks are becoming more sophisticated.  The panel dove into this challenge and shared what this tells us about larger trends.  Plus, they talked about how it modifies the security risk equation, all the way down to its impact on patient care.

The panel also shared which titles and departments are most vulnerable and which parts of the supply chain are more vulnerable to imposter attacks.  Understanding who’s most at risk was suggested as essential to addressing the problem.  Every organization has finite time and resources, so identifying those most at risk means you can apply those resources to your most vulnerable staff.  Plus, they shared that sometimes it’s the staff you’d least expect that are the most vulnerable.  It’s not just your top executives.

Once you have identified those that are most vulnerable, the panel suggested some ways you can address the problem.  One recommendation was implementing 2-factor authentication.  The bad actors out there are after your staff’s credentials, and 2-factor authentication is one of the best ways to secure those credentials.  They also commented that you shouldn’t underestimate the value of an email protection tool.

Another incredible point was how monetary loss from fraud attacks is actually more common than other exploits.  The problem is that when a patient’s PHI is breached, an organization is required to disclose that information per HIPAA breach notification requirements.  The same is not true when a hacker defrauds your supply chain.  It’s no doubt painful for the organization to lose that money, but there’s no public reporting requirement.  That means that we often never hear about it happening.

If you’re concerned about supply chain fraud in your organization and want to know how to better protect yourself, check out the virtual meetup discussion sponsored by Proofpoint in the video below.

Learn more about Proofpoint: http://www.proofpoint.com/healthcare


About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

  • Due to the rise in supply chain fraud in Healthcare, it’s the right time to increase security.
    The Australian Digital Health Agency recently released an advisory regarding an “imminent cybercrime threat to hospitals and healthcare providers.” If you want to protect your healthcare organizations from these frauds and risk management, you need to consult with a Cyber Security Company that can help to safeguard your practice management system as well as medical devices.
