Health-ISAC and the American Hospital Association (AHA) have issued a joint threat bulletin following three ransomware attacks on blood suppliers, causing blood shortages and disrupting patient care.
- On July 30, the attack on OneBlood prompted the Florida Hospital Association to recommend hospitals activate their critical blood shortage protocols.
- On early June, the attack on UK based Synovis caused massive disruption with more than 800 operations and 700 outpatient appointments being canceled and resulted in major blood shortages.
- On April, the attack on Octapharma Plasma resulted in the temporary closure of its 190 U.S. plasma donation centers and plasma manufacturing facilities.
Ransomware groups have been increasingly targeting third-party infrastructure as the possible massive disruption caused by an attack increases the likelihood of a ransom being paid by the providers.
Health-ISAC and the AHA said the nature and proximity of these three attacks should serve as a wake-up call for the healthcare industry. while attacks prevent access to electronic health records and cause disruption, these three attacks demonstrated how attacks on suppliers can cause disruptions to patient care at multiple hospitals and health systems.
“The outcomes of these attacks highlight the need to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected healthcare ecosystem,” the bulletin reads.
Health systems should identify essential suppliers to the healthcare mission, and redundancy should be built into the supply chain strategy by identifying alternative suppliers or using multiple suppliers to minimize the impact of an attack on critical medical suppliers, the bulletin suggests.
Neal Dennis, Sr. Threat Intelligence Analyst, Cyware had this to say:
“The recent ransomware attacks targeting blood suppliers underscore the critical importance of strengthening cybersecurity measures in the healthcare supply chain. ISACs play a vital role in providing health entities with access to real-time threat intelligence and resources, especially for organizations with limited capacity to manage these threats independently. Through information sharing and collaboration facilitated by ISACs, healthcare organizations can respond more effectively to cyber threats and protect patient care. By integrating mission-critical and life-critical third-party suppliers into their enterprise risk management plans, organizations can enhance resilience. Proactively identifying essential suppliers and establishing redundancy in the supply chain further mitigates the impact of cyberattacks on critical medical supplies.”
This highlights the need for health care organizations of all sorts to step up their game when it comes to cybersecurity. Because if they don’t step up their game, it will only be a matter of time before something really bad happens.
Like this:
Like Loading...
Related
This entry was posted on August 8, 2024 at 8:11 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
H-ISAC and AHA issue joint call-to-action after 3 ransomware attacks on mission-critical suppliers
Health-ISAC and the American Hospital Association (AHA) have issued a joint threat bulletin following three ransomware attacks on blood suppliers, causing blood shortages and disrupting patient care.
Ransomware groups have been increasingly targeting third-party infrastructure as the possible massive disruption caused by an attack increases the likelihood of a ransom being paid by the providers.
Health-ISAC and the AHA said the nature and proximity of these three attacks should serve as a wake-up call for the healthcare industry. while attacks prevent access to electronic health records and cause disruption, these three attacks demonstrated how attacks on suppliers can cause disruptions to patient care at multiple hospitals and health systems.
“The outcomes of these attacks highlight the need to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected healthcare ecosystem,” the bulletin reads.
Health systems should identify essential suppliers to the healthcare mission, and redundancy should be built into the supply chain strategy by identifying alternative suppliers or using multiple suppliers to minimize the impact of an attack on critical medical suppliers, the bulletin suggests.
Neal Dennis, Sr. Threat Intelligence Analyst, Cyware had this to say:
“The recent ransomware attacks targeting blood suppliers underscore the critical importance of strengthening cybersecurity measures in the healthcare supply chain. ISACs play a vital role in providing health entities with access to real-time threat intelligence and resources, especially for organizations with limited capacity to manage these threats independently. Through information sharing and collaboration facilitated by ISACs, healthcare organizations can respond more effectively to cyber threats and protect patient care. By integrating mission-critical and life-critical third-party suppliers into their enterprise risk management plans, organizations can enhance resilience. Proactively identifying essential suppliers and establishing redundancy in the supply chain further mitigates the impact of cyberattacks on critical medical supplies.”
This highlights the need for health care organizations of all sorts to step up their game when it comes to cybersecurity. Because if they don’t step up their game, it will only be a matter of time before something really bad happens.
Share this:
Like this:
Related
This entry was posted on August 8, 2024 at 8:11 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.