by John Deutsch - Bridge Patient Portal
Cyberattacks targeting the supply chain are an increasingly prevalent threat in the healthcare industry, especially as the modern healthcare supply chain contains significant digital elements, such as the patient engagement vendors that provide public-facing digital tools. These third-party apps and patient-facing tools process sensitive patient data and connect to a healthcare organization’s source systems along the supply chain. As such, they are tempting targets for cybercriminals, who can sell this data on the black market or lock it up with ransomware until they are paid.
One infamous supply chain attack that occurred recently was the SolarWinds incident, in which a cybercriminal group inserted malware into a software update for a network management platform. This allowed the hackers to access sensitive data from around 18,000 of the company’s customers, including NASA, Microsoft, and the US Department of Homeland Security.
SolarWinds as a vendor proved to be the weak link in a supply chain connecting many valuable targets and serves as a high-profile example to be avoided in any industry.
The Risk to Healthcare Organizations: Combining Multiple Third-Party Apps
Digital transformation in healthcare involves integrating multiple third-party apps from software vendors with a provider’s EHRs, revenue cycle management (RCM) systems, and other digital tools to meet patient demand for convenience and improve business efficiency. While technology offers many advantages, it also creates more potential points of entry for hackers.
One investigation by a cybersecurity analyst found that although a healthcare organization’s own APIs were free of vulnerabilities, the APIs used by third-party apps linked to the provider’s source systems were far less secure, allowing quick access to millions of patient records. This illustrates the main cybersecurity challenge for healthcare organizations: the more third-party apps are integrated into their systems, the higher the risk.
The complex interconnectivity of healthcare software supply chains can make the source of a cyberattack difficult to trace. Healthcare organizations face the challenge of how to effectively oversee multiple vendors with overstretched IT resources at a time when good cybersecurity experts are hard to find.
How to Future-Proof Your Cybersecurity
In order to mitigate risk, healthcare organizations must implement a strict vetting process for all software vendors that they partner with. It is recommended that providers approach this challenge from two different perspectives.
1. Vet Cybersecurity Standards
It is imperative to partner with a vendor that has reliable cybersecurity processes, policies, and certifications. Bridge Patient Portal CEO John Deutsch has highlighted a ‘major concern’ with the neglect of due diligence as providers rush to implement third-party tools.
Healthcare organizations are advised to ensure that potential vendors:
Have all the relevant certifications
Have cybersecurity policies aligned with the healthcare organization’s standards
Use high-quality encryption
Have systems in place for data backups and disaster recovery
Demonstrate HIPAA compliance
This due diligence must be reinforced with regular pentests, reviews, and updates.
2. Simplify Supply Chains
The simpler a supply chain is, the fewer weak points it has for hackers to target. Healthcare organizations can streamline their supply chains by partnering with a comprehensive third-party vendor, such as Bridge, that combines a range of patient engagement tools into a complete system.
Final Thoughts
By following this two-pronged approach, healthcare stakeholders can mitigate risk while streamlining their processes and securing their supply chain against future threats. As with anything tech-related, regular reviews and updates will be necessary to keep up with evolving technology.
About the Author
John Deutsch
John is CEO of Bridge Patient Portal with 20 years of healthcare IT business ownership experience specializing in patient engagement, marketing, and software development.
About Bridge Patient Portal
Bridge is an enterprise patient portal and patient engagement solution for healthcare organizations. The platform is ideal for health centers seeking to replace their existing EHR’s patient portal, connect disparate EHR environments, consolidate costly patient engagement tools, offer telemedicine services, and/or publish a mobile app.
Bridge is a community sponsor of FQHC Connect and has a number of FQHCs using their platform. They are constantly seeking to improve their technology and collaborate with FQHCs to find new and creative ways to advance patient engagement in FQHCs.
Learn more at www.bridgepatientportal.com.