In early June, a cyberattack hit a medical supplier for several large hospitals in London — an attack that's expected to cause disruptions for months, according to local reports. Healthcare supply chain leaders should prepare for a similar situation in the U.S., experts told Becker's.
The supplier, Synnovis, is a medical diagnostics company. On June 3, a group of Russian hackers paralyzed Synnovis' IT system, The Guardian reported. In the aftermath, hospitals across London have been transferring patients, canceling transplant operations, and halting blood transfusions and other lab services.
This cyberattack likely will not affect U.S. healthcare, but third-party cybersecurity risks are ramping up across the nation. Recently, an Adventist Health hospital in California said its third-party agency for payment services experienced a cyberattack, and a ransomware gang stole data from Change Healthcare, UnitedHealth Group's claims processing subsidiary.
As data breaches increase in the healthcare industry, hospital supply chain leaders should be leveling up their cybersecurity measures, according to John Riggi.
"The bad guys are continuously evolving their tactics," said Mr. Riggi, the American Hospital Association's national adviser for cybersecurity and risk. "So, unlike a hurricane or tornado, bad guys change as we change. We implement a measure, they implement a countermeasure. So it's an evolving fight that we have to be fully engaged with our emergency management partners on."
Todd Ebert, former CEO of the Healthcare Supply Chain Association, shared similar thoughts.
"The increased use of connected medical devices and software as a service, the adoption of wireless technology and overall increased medical device and service connectivity to the internet significantly increase the risks of cybersecurity threats," Mr. Ebert told Becker's.
"Maintaining device and information security is a shared responsibility of the manufacturers and suppliers of connected devices and services as well as the healthcare delivery organizations that use them," he said. "Providing this security is a continual effort that requires vigilance, adaptation and ongoing communication and collaboration between the parties."