Understanding Supply Chain Attacks in Healthcare – White Paper
The Domino Effect: Understanding Supply Chain Attacks in Healthcare
A Product of the Health-ISAC UCF Internship Program, spearheaded By: Taylor Porter, Gabriel Saavedra
Glean insights into the current state of supply chain risk management and its future. These insights can provide CISOs with questions to inform how their cybersecurity teams can best identify and mitigate risks in their environments.
The Domino Effect Understanding Supply Chain Attacks In Healthcare
Size : 3.6 MB Format : PDF
Executive Summary
The June 2023 cyberattack on Progress MOVEit demonstrated how threat actors can target an organization’s supply chain through third-party and partner connections to cause disruptions across multiple sectors. Other recent major cyberattacks include SolarWinds, Kaseya, NMP IconBurst, and Cyber Av3ngers Unitronics. These attacks demonstrate how threat actors with varying intents and capabilities can exploit vulnerabilities within a supply chain. By attacking a third-party entity to target an organization (or set of organizations), threat actors can circumvent a strong security infrastructure by exploiting the supply chain itself as a springboard by exploiting previously unknown vulnerabilities, or zero-days.
Examining these attacks can allow us to glean insights into the current state of supply chain risk management and its future. These insights can provide CISOs with questions to inform how their cybersecurity teams can best identify and mitigate risks in their environments. These questions can expose the range of possible attack vectors like security misconfigurations, such as leaving default passwords unchanged, or the use of open-source code in products, which can be sabotaged by threat actors. Answering these questions can also assist in maximizing an organization’s security infrastructure and understanding the security posture of a third party that may be operating a critical business function. Supply chains attacks will continue to be prevalent in critical infrastructure sectors moving forward as threat actors seek to prey on the reliance of their services. However, this can be mitigated by developing a strong security infrastructure, forward-thinking CISOs asking their teams the right questions, and promoting a culture of cyber resilience by engaging in information sharing and developing relationships with peers, partners and public sector agencies.
- Related Resources & News
- Health-ISAC Hacking Healthcare 8-26-2024
- What is Threat Intelligence? A Comprehensive Overview
- Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
- Federal Authorities Work to Boost Health-Care Cybersecurity
- Health-ISAC Hacking Healthcare 8-9-2024
- Health-ISAC Medical Device Blog – VEX
- Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
- Health-ISAC Hacking Healthcare 8-2-2024
- Protecting Healthcare Organizations with Human-Centric Email Security
- American Hospital Association and Health-ISAC Joint Threat Bulletin