Third-party vendors drive healthcare cybersecurity risks

Editor's Note

Cybersecurity threats in healthcare are increasingly driven by third-party vendors, affecting millions of patients and hospital systems globally, experts John Riggi and Richard Staynings emphasized at the HIMSS Healthcare Cybersecurity Forum. Healthcare Finance News reported on the experts’ testimony November 5.

According to the article, cyberattacks have surged from 27 million affected individuals in 2020 to 150 million impacted in the Change Healthcare ransomware attack this February. Riggi, a former FBI agent and cybersecurity advisor with the American Hospital Association, highlighted the vulnerability of interconnected systems, where a single breach can cascade across entire sectors. For instance, a faulty software update from cybersecurity firm CrowdStrike in July caused global IT outages, affecting healthcare, banking, and other industries.

Despite billions spent annually on cybersecurity, health systems struggle to safeguard data once shared outside hospital walls. "Who has our data?" Staynings asked, underscoring a pressing need for data oversight, Healthcare Finance News reports.

The experts emphasized threats from international cyber actors, with criminal activity originating in Russia and China targeting US systems and even spreading election-related disinformation, the outlet reports. Cyberattacks can compromise both privacy and patient care, as was the case recently when an attack on a nearby hospital diverted patients and reduced survival rates for emergencies like cardiac arrest. The speakers urged healthcare leaders to consider stronger vendor management and robust security protocols.