Healthcare Providers Must Plan for Ransomware Attacks on Third-Party Suppliers

Healthcare Providers Must Plan for Ransomware Attacks on Third-Party Suppliers

August 9, 2024 at 08:18AM

The American Hospital Association and the Health-ISAC issued a joint threat bulletin cautioning about ransomware attacks causing blood shortages and disrupting patient care in the U.S. and U.K. The bulletin highlighted recent attacks and urged healthcare organizations to prepare for supply chain disruptions and develop risk management plans for third-party vendors.

Based on the meeting notes, the key takeaways are as follows:

– The American Hospital Association and the Health-ISAC have issued a joint threat bulletin alerting healthcare organizations about ransomware attacks by Russian cybercrime ransomware gangs. These attacks have caused blood shortages and disrupted patient care in the U.S. and U.K.

– Healthcare delivery organizations, hospitals, and health systems are urged to prepare for physical supply chain disruptions caused by cyberattacks on third-party vendors, which could significantly impact patient care delivery.

– The bulletin highlighted three recent ransomware attacks against blood suppliers, impacting Florida-based blood supplier OneBlood, pathology provider Synnovis, and blood plasma provider Octapharma.

– It is recommended for healthcare IT teams to consider how supply-chain outages will impact business operations and patient care, and to identify single points of failure. Additionally, organizations are advised to incorporate mission-critical suppliers into enterprise risk management and emergency management plans and to develop multi-disciplinary Third-Party Risk Management governance committees and programs.

– The bulletin also recommends evaluating third-party vendors based on their essentiality to the healthcare mission, potential catastrophic consequences if the vendor fails, and the availability of suitable alternatives.

These takeaways provide a clear understanding of the ransomware attacks’ impact on the healthcare sector and the recommended measures to mitigate future risks and disruptions.

Full Article