Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks

By Errol Weiss | September 10, 2024 | Updated: November 8, 2024 | 5 Mins Read

The global healthcare system has become increasingly integrated with third-party medical suppliers in recent years. These suppliers are vital in providing essential services, medical equipment, pharmaceuticals, and digital tools that healthcare organizations depend on to operate efficiently.

However, while these integrations have undeniably enhanced efficiency across the medical supply chain, they have also created new vulnerabilities – vulnerabilities that cybercriminals are exploiting.

In the past few months, three critical medical suppliers – OneBlood, Synnovis, and Octapharma – have fallen victim to sophisticated cyberattacks by Russian ransomware groups. These breaches led to widespread disruptions in healthcare services, from delays in blood supplies to the compromise of plasma centers and the destruction of critical medical samples.

This growing threat highlights the urgent need for healthcare organizations to reassess their cybersecurity strategies, particularly those related to protecting their supply chains.

New approaches to cybercrime

In the past, malicious actors have typically focused their attacks on individual healthcare organizations, seeking to breach systems and steal sensitive patient data to sell or use for ransom demands. However, as the recent attacks on OneBlood, Synnovis, and Octapharma show, cybercriminals have discovered a new, more disruptive approach.

For instance, the July 30 attack on Florida-based blood supplier OneBlood triggered a software outage that disrupted blood shipments across the region, forcing the organization to label supplies manually to maintain distribution. Similarly, the June 3 attack on Synnovis disrupted blood sample processing in London, causing thousands of hospital and medical appointments to be rescheduled. On April 15, a ransomware attack on Octapharma led to the shutdown of 190 plasma centers across the U.S. and exposed sensitive donor information.

Each attack was executed by a separate Russian ransomware group, targeting critical suppliers within the healthcare system and triggering widespread disruptions across multiple healthcare organizations. This shift in tactics exposes a glaring weakness in the healthcare supply chain and highlights the need for a more comprehensive approach to cybersecurity in healthcare. The next wave of attacks could be far more coordinated, amplifying the potential for cascading failures across the system, with even more significant consequences for patient care, medical services, and overall healthcare operations.

Fortifying cybersecurity resilience

A key component in all the above attacks was the lack of redundancies for critical suppliers. The absence of backup systems and alternative providers left healthcare organizations scrambling to restore essential services and maintain patient care. To avoid such cases in the future, healthcare organizations should diversify their supplier base and incorporate multiple providers for mission-critical services. This approach ensures that if one supplier is compromised, others can fill the gap.

Healthcare organizations should also invest in robust backup systems and regularly test their contingency plans to ensure smooth operations during unexpected outages. Ideally, healthcare organizations should be able to sustain their operations and maintain care quality for at least 30 days during a disruption.

In addition, organizations should establish a third-party risk management (TPRM) committee to assess and monitor their critical suppliers continuously. This committee should identify vulnerabilities, evaluate risk, and ensure that all third-party partners adhere to strong cybersecurity practices.

The TPRM committee should emphasize suppliers that are critical single points of failure – those for which there are no suitable alternatives. If these suppliers are compromised, it could lead to significant disruptions in essential services. The committee should work to identify these high-risk suppliers and develop strategies to manage and mitigate those supplier risks effectively.

Coordinating intelligence

In conjunction with the above efforts, healthcare organizations should collaborate to share intelligence on evolving cyber threats. This collaboration involves establishing robust communication networks and sharing real-time threat information, such as indicators of compromise, attack methods, and vulnerabilities. By pooling insights and experiences, healthcare organizations can enhance their ability to detect, respond to, and mitigate cyber threats more effectively.

Collaborative partnerships like the one between Health-ISAC and the American Hospital Association (AHA) exemplify this approach by broadly facilitating the exchange of critical information and best practices across the healthcare provider community. Engaging in such partnerships and networks provides valuable insights into emerging threats and promotes collective resilience within the healthcare sector.

Furthermore, active participation in these networks encourages continuous learning and adaptation, allowing organizations to refine their defenses and response strategies in real time. As cyber threats become more sophisticated, a unified approach to intelligence sharing and collaboration will become increasingly beneficial in maintaining the integrity of healthcare systems and protecting patient data.

Final thoughts

The recent rise in sophisticated cyberattacks on critical medical suppliers highlights a significant vulnerability in healthcare. As healthcare organizations increasingly rely on third-party suppliers, these suppliers have become attractive targets for cybercriminals. To enhance resilience, healthcare organizations must diversify suppliers, invest in solid backup systems, and create comprehensive contingency plans. Additionally, improved cybersecurity requires more effective intelligence sharing. With cyber threats growing more coordinated and severe, a combined approach that includes strong internal measures and external collaboration is crucial. By implementing these strategies, healthcare organizations can better safeguard operations, maintain service integrity, and secure patient data against the growing cyber threat landscape.

Errol Weiss

Errol Weiss, Health-ISAC Chief Security Officer, has over 25 years of experience in Information Security, beginning his career with the National Security Agency. He created and ran Citigroup’s Cyber Intelligence Center and was a Senior Vice President Executive with Bank of America’s Global Information Security team.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
