• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Healthcare • Ransomware • Security  /  Healthcare: Cybersecurity risks with vendors
06 September 2017

Healthcare: Cybersecurity risks with vendors

Written by Seqrite
Seqrite
Healthcare, Ransomware, Security
Estimated reading time: 3 minutes

There has been a surge in cyber attacks in the healthcare industry. Ransomware attacks have increased across all sectors, but healthcare industry is particularly vulnerable to such attacks. Getting locked out of systems while handling critical patient data or operational data could mean that the whole organization comes to a halt. In critical care situations, the results can be devastating and life threatening. Even in non-critical health care, the impact of being locked out of the system means patients cannot get the care they need, prolonging their illness and financial strain along with other impacts. This is true for any kind of cyber attack and not just ransomware.

Many healthcare organizations have started taking steps towards securing their IT infrastructure against malicious attacks. They now implement cyber security solutions to secure their physical end points and the network that connects to the internet. However, there is still one major source of cyber threat that usually escapes from their scrutiny and that is ‘their vendors’. The vendors, who connect with the organization network, usually escape the rigid cyber scrutiny that is required. A weak cyber security in vendor’s infrastructure can put the whole of IT infrastructure of the organization at risk.

Why is there a risk?

Organizations share sensitive data with their vendors. These vendors, depending upon the nature of their service, may share that data with their own vendors or partners. These third parties connect to the IT infrastructure of the healthcare institution. Be it various providers like CRM solution, insurance, medical equipment and medical supplies or government and regulatory agencies, the institutions connect across multiple industries and many of them are private organizations. Many times, these private organizations do not share the information of any data breach incident at their end as they foresee a negative impact on their business. The organization never comes to know that a vendor has been compromised and in turn, they too may be compromised. The risk is even higher in case of fourth party (vendor’s vendor) breach. It is almost certain that organizations will never know about fourth party breach.

What is the risk?

The risks associated with the vendors are pretty much the same that the organization itself may face. However, since they are beyond direct control, they need to be assessed and mitigated specifically. Some of these risks include:

  • Outdated endpoints: To save on costs vendors may be working with laptops, tablets or computers that are old and outdated. They may also be using an outdated, unsupported operating systems (such as Windows XP). Outdated systems and unsupported operating systems are usually easy targets for an attack (As recently proven by attack on Windows XP users). Apart from cyber attacks, these end points are also susceptible to data theft. This makes the organization vulnerable to various kinds of cyber risks.
  • Outdated medical devices: Medical devices are not at the top of our mind when it comes to evaluating cyber security. However, today many of the devices are computerized and connected to the network for fast sharing of information. Since they are quite costly and not perceived as a threat, organizations rarely upgrade their devices until compelled to do so. These outdated devices can be an easy target for newer threats that exploit the weakness in old software. A malicious piece of code can create havoc with machine’s readings and patient’s diagnosis.
  • Ransomware: This is one the most dangerous kind of risks for a healthcare provider. Getting locked out of all the patient’s symptoms, past diagnosis and treatment can put the life of patients at risk. Due to such huge risks, hospitals tend to give in to ransom demands to get access to their systems quickly. Therefore, they are a favorite with cyber criminals. The ransomware malware can flow hidden in the data stream coming from the vendor.
  • Loss of reputation: Patients and people, in general, tend to stay away from the organizations that are hacked. No one wants to share their information with an organization that cannot keep it safe. This translates into a loss of reputation, loss of business and potential legal complications.

Healthcare organizations may not be able to control the IT infrastructure of their vendors directly. However, they can and should build the mitigating clauses into their contract to ensure that every bit of data flowing to and from the vendor is clean and safe. They should implement the gateway security to ensure that all data coming in from the vendor is scanned for any malicious code that may have sneaked into the data stream and should be blocked immediately.

As an IT security partner for your business, Seqrite provides comprehensive endpoint security from advanced cyber threats. To know more, visit our website or

seqrite_cta1

 Previous PostRisks of using outdated software, OS, and browsers
Next Post  CVE-2017-9805 – Apache Struts 2 Remote Code Execution Vulne...
Seqrite
About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • BEC and Ransomware attacks unsettle businesses globally.

    BEC and Ransomware attacks increase during the pandemic

    January 22, 2021
  • Thanos Ransomware adopts hyper-weaponized RIPlace tactics — collects huge pay-offs.

    Thanos Ransomware Evading Anti-ransomware Protection With RIPlace Tactic

    November 18, 2020
  • Hackers ransack businesses by riding on the modern-day Trojan Horse.

    PonyFinal Ransomware dubbed by many as the modern-day Trojan horse.

    August 26, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.