• News
  • Security
  • Products
  • About Seqrite
Blogs on Information Technology, Network & Cybersecurity | Seqrite Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Healthcare • Ransomware • Security  /  Healthcare: Cybersecurity risks with vendors
Healthcare: Cybersecurity risks with vendors
06 September 2017

Healthcare: Cybersecurity risks with vendors

Written by Seqrite
Seqrite
Healthcare, Ransomware, Security

There has been a surge in cyber attacks in the healthcare industry. Ransomware attacks have increased across all sectors, but healthcare industry is particularly vulnerable to such attacks. Getting locked out of systems while handling critical patient data or operational data could mean that the whole organization comes to a halt. In critical care situations, the results can be devastating and life threatening. Even in non-critical health care, the impact of being locked out of the system means patients cannot get the care they need, prolonging their illness and financial strain along with other impacts. This is true for any kind of cyber attack and not just ransomware.

Many healthcare organizations have started taking steps towards securing their IT infrastructure against malicious attacks. They now implement cyber security solutions to secure their physical end points and the network that connects to the internet. However, there is still one major source of cyber threat that usually escapes from their scrutiny and that is ‘their vendors’. The vendors, who connect with the organization network, usually escape the rigid cyber scrutiny that is required. A weak cyber security in vendor’s infrastructure can put the whole of IT infrastructure of the organization at risk.

Why is there a risk?

Organizations share sensitive data with their vendors. These vendors, depending upon the nature of their service, may share that data with their own vendors or partners. These third parties connect to the IT infrastructure of the healthcare institution. Be it various providers like CRM solution, insurance, medical equipment and medical supplies or government and regulatory agencies, the institutions connect across multiple industries and many of them are private organizations. Many times, these private organizations do not share the information of any data breach incident at their end as they foresee a negative impact on their business. The organization never comes to know that a vendor has been compromised and in turn, they too may be compromised. The risk is even higher in case of fourth party (vendor’s vendor) breach. It is almost certain that organizations will never know about fourth party breach.

What is the risk?

The risks associated with the vendors are pretty much the same that the organization itself may face. However, since they are beyond direct control, they need to be assessed and mitigated specifically. Some of these risks include:

  • Outdated endpoints: To save on costs vendors may be working with laptops, tablets or computers that are old and outdated. They may also be using an outdated, unsupported operating systems (such as Windows XP). Outdated systems and unsupported operating systems are usually easy targets for an attack (As recently proven by attack on Windows XP users). Apart from cyber attacks, these end points are also susceptible to data theft. This makes the organization vulnerable to various kinds of cyber risks.
  • Outdated medical devices: Medical devices are not at the top of our mind when it comes to evaluating cyber security. However, today many of the devices are computerized and connected to the network for fast sharing of information. Since they are quite costly and not perceived as a threat, organizations rarely upgrade their devices until compelled to do so. These outdated devices can be an easy target for newer threats that exploit the weakness in old software. A malicious piece of code can create havoc with machine’s readings and patient’s diagnosis.
  • Ransomware: This is one the most dangerous kind of risks for a healthcare provider. Getting locked out of all the patient’s symptoms, past diagnosis and treatment can put the life of patients at risk. Due to such huge risks, hospitals tend to give in to ransom demands to get access to their systems quickly. Therefore, they are a favorite with cyber criminals. The ransomware malware can flow hidden in the data stream coming from the vendor.
  • Loss of reputation: Patients and people, in general, tend to stay away from the organizations that are hacked. No one wants to share their information with an organization that cannot keep it safe. This translates into a loss of reputation, loss of business and potential legal complications.

Healthcare organizations may not be able to control the IT infrastructure of their vendors directly. However, they can and should build the mitigating clauses into their contract to ensure that every bit of data flowing to and from the vendor is clean and safe. They should implement the gateway security to ensure that all data coming in from the vendor is scanned for any malicious code that may have sneaked into the data stream and should be blocked immediately.

As an IT security partner for your business, Seqrite provides comprehensive endpoint security from advanced cyber threats. To know more, visit our website or

seqrite_cta1

 Previous PostRisks of using outdated software, OS, and browsers
Next Post  CVE-2017-9805 – Apache Struts 2 Remote Code Execution Vulne...
Seqrite

About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • Why Healthcare Has Become the Top Target for Cyberattacks in India – and What we Can Do about it

    May 22, 2025
  • The DPDP Act 2023 Guide for Healthcare Leaders

    April 25, 2025
  • Ransomware Attack Over Publicly Shared SMB2 Connections and Staying Protected with Seqrite

    March 11, 2025
Featured Authors
  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director of Quick Heal Technologies...

    Read more..
  • Mahua Chakrabarthy
    Mahua Chakrabarthy

    A tea connoisseur who firmly believes that life is too short for dull content....

    Read more..
Topics
apt (20) Cyber-attack (36) cyber-attacks (58) cyberattack (16) cyberattacks (13) Cybersecurity (324) cyber security (32) Cyber threat (33) cyber threats (48) Data (11) data breach (55) data breaches (28) data loss (28) data loss prevention (34) data privacy (12) data protection (25) data security (15) DLP (49) Encryption (16) endpoint security (108) Enterprise security (17) Exploit (14) firewall (11) GDPR (12) hackers (11) malware (76) malware attack (23) malware attacks (12) MDM (25) Microsoft (15) Network security (22) Patch Management (12) phishing (27) Ransomware (67) ransomware attack (30) ransomware attacks (30) ransomware protection (14) security (11) Seqrite (33) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (16) windows (11)
Loading
Resources
  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies
About Us
  • About Seqrite
  • Leadership
  • Awards & Certifications
  • Newsroom
Archives
  • By Date
  • By Category
Loading

© 2025 Quick Heal Technologies Ltd. Cookie Policies Privacy Policies