Healthcare’s Digitization: Coming to Terms with Cybersecurity Supply Chain Risk

January 9, 2023 CynergisTek, Inc.

Providers are, in many cases, getting the equivalent of a Russian nesting doll of third-party risks whenever they acquire a complex new technology solution. Cybersecurity supply chain risk management is the process of identifying and mitigating potential risks that may arise from these third-party products and services within an organization's IT infrastructure.

Healthcare technology has evolved significantly in recent years. For example, electronic health record systems, clinical information systems, patient portals, and electronic billing systems are commonplace today. New solutions leveraging machine learning and artificial intelligence are transforming how we diagnose and treat disease. Telemedicine networks connect patients to doctors and specialists across the country, and nanomedicine has the potential to revolutionize treatments for cancer, diabetes, and many other conditions.

Just like the digital technologies that preceded them, these new technologies bring new security risks that organizations must address to protect patients and their data. The authors of HIPAA predicted these risks two decades ago, leading to the implementation of the HIPAA Security Rule. The Security Rule continues to provide the security framework by which healthcare providers and their business associate partners must abide when implementing and operating systems that create, receive, maintain or transmit electronic protected health information (ePHI). However, simply asking a third party to sign a business associate agreement promising to abide by the HIPAA Security Rule requirements is no longer enough to manage the associated risk of adopting current and emerging technology solutions.

As the speed and scale of positive impact increases with new technology, so does the potential harm.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordinating Center (HC3) recently issued a threat brief regarding the security risks of the most promising emerging technologies impacting healthcare. On the list of emerging technology, HHS HC3 included artificial intelligence, 5G cellular, nanomedicine, smart hospitals, and quantum computing and cryptography.

We are particularly concerned that a vulnerability in technology may ultimately result in loss of life. Unfortunately, all the technologies listed in the HHS HC3 threat brief could fall into that category.

Click here to continue reading.

About the Author

CynergisTek, Inc.

CynergisTek is a top-ranked cybersecurity consulting firm dedicated to serving the information assurance needs of healthcare. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. The company has been recognized by KLAS in the 2016 and 2018 Cybersecurity reports as a top performing firm in healthcare cybersecurity, as well as the 2017 Best in KLAS winner for Cybersecurity Advisory Services.

Follow on Twitter Follow on Linkedin Visit Website More Content by CynergisTek, Inc.
Previous Article
2023 Predictions From Health Executives
2023 Predictions From Health Executives

Jon Moore shares his predictions for 2023 cybersecurity supply chain risk

Next Article
Healthcare Executives Make Predictions for 2023
Healthcare Executives Make Predictions for 2023

Dave Bailey shares 2023 predictions in healthcare cybersecurity including ransomware, supply chain, and med...