The Cloud Security Alliance (CSA) issued best practices for healthcare organizations to mitigate supply chain cyber risks in the Healthcare Supply Chain Cybersecurity Risk Management paper. 

“The move to the cloud and edge computing has expanded HDOs’ electronic perimeters, not only making it harder for them to secure their infrastructure but also making them more attractive targets for cyberattacks. Given the importance of the supply chain, it’s critical that HDOs identify, assess, and mitigate supply chain cyber risks to ensure their business resilience,” said Dr. James Angle, the paper’s lead author and co-chair of the Health Information Management Working Group.

The current approaches to supply chain risk management are increasingly facing the need to change as the Department of Health and Human Services and the Office of Civil Rights are stepping up investigations and fines. 

The most important recommendations for health organizations to follow are to:

  1. Inventory all suppliers, then prioritize, and identify those they consider to be strategic suppliers
  2. Tier suppliers based on risk, using a third-party risk rating service if possible
  3. Contractually require suppliers to maintain security standards
  4. Develop a schedule for reevaluating suppliers

For more information on these recommendations, read the paper.