Healthcare Orgs, Take Control of Your Network! Level Up Cyber Hygiene with Diligent Vendor Vetting and Software Segmentation

The digital transformation of healthcare organizations has significantly increased reliance on software and medtech devices, weaving a complex web of interdependencies in their supply chains. This shift raises critical vulnerabilities as highlighted by infamous incidents like the SolarWinds breach, underscoring the urgency for enhanced cyber hygiene practices. With recent executive orders pushing for better security protocols, healthcare organizations are under pressure to fortify their supply chains against escalating cyber threats.

What strategies can healthcare organizations employ to effectively manage the cyber hygiene of their healthcare supply chain, including software and medtech devices?

Robin Berthier, CEO and founder of Network Perception, advocates for rigorous cyber hygiene practices within healthcare supply chains on a recent episode of Expert’s Talk. He emphasizes the necessity of standard vendor questionnaires and robust security protocols and underscores the importance of continuous vendor risk assessments and software segmentation to effectively mitigate potential cyber threats, drawing lessons from major breaches like SolarWinds.

Key takeaways:

1. Develop Standard Questionnaires for Vendors: Establishing standard questionnaires for all vendors can help assess the risks introduced by third parties and ensure they adhere to secure coding best practices.
2. Vet Vendor Security Practices: It’s crucial to scrutinize the security practices surrounding the build environments of vendors to prevent incidents similar to the SolarWinds breach, where malware was inserted directly into the source code.
3. Implement Software Segmentation: By applying segmentation to software, organizations can contain potential breaches within manageable risk levels, thereby minimizing widespread impact.
4. Regular Patching and Updates: Ensuring that all software and devices within the supply chain are regularly updated and patched can significantly reduce vulnerabilities.
5. Continuous Risk Assessment: Continual evaluation of the risks posed by vendors and their products is essential to adapting and strengthening cybersecurity measures over time.

Article written by Sonia Gossai