Supply Chain Security in Healthcare: Surviving Amid Inevitable Threats

In 2022, Gartner estimated that by 2025, 45% of organisations will have experienced a supply-chain cyber-attack, a prediction that unfortunately appears to be coming to fruition. This year, however, presents an even more dangerous landscape, particularly for organisations operating critical national infrastructure (CNI), such as healthcare providers.

With over 50 countries running high-stakes elections in 2024, the potential for severe disruption has never been higher. Threat actors will be looking to take advantage of poorly protected CNI operators with sprawling supply chains to work their way into governmental networks and wreak havoc, and healthcare organisations are a perfect entry point.

Healthcare organisations often struggle with time and resource constraints, leading many to outsource services such as HR, payroll and cleaning. This creates a sprawling ecosystem of partners, each representing a potential entry point for an attack. On top of this, healthcare organisations are almost always connected to third-party pharmaceutical suppliers, academic institutions and software vendors, creating a complex network of players outside the organisation's control.

Additionally, healthcare relies heavily on operational technology (OT) for many critical functions. Due to its size and value, OT often has a very long lifespan, which makes moving to newer operating systems difficult. This makes it extremely difficult, sometimes nearly impossible, to apply critical software updates, leaving a backdoor for cybercriminals to exploit these outdated systems.

The allure for cybercriminals is clear: a single breach can grant them access to multiple organisations within the supply chain, opening the door to every other organisation connected to it. This foothold allows them to disrupt operations and steal sensitive patient data, and because many healthcare organisations have a direct connection to government networks such as the NHS, it also gives threat actors the opportunity to move across the supply chain to the bigger players.

The potential ROI is simply too high for bad actors to ignore, especially in an election year, when causing major disruption might be particularly appealing.

Risk evaluation & communication are key

The key for healthcare organisations lies in proactive security measures. This means taking a long-term approach to security: evaluating supply chain partners and the threat landscape in order to develop a comprehensive strategy focused on preventing breaches before they occur.

Architectural best practices: It starts with your own network

Network architecture plays a vital role in minimising risk, so organisations must make sure their own networks are secure before any improvements to supply chain security can be made. Basic measures such as implementing strong authentication so that only authorised users can access sensitive data and systems, isolating critical systems so that a breach in one area cannot compromise the entire network, and prioritising ongoing patch management can go a long way in terms of risk mitigation.

These measures ensure that systems are kept up to date and secure, closing loopholes that cyber-attacks could exploit.

Supplier Vetting: You’re only as strong as your weakest link

Supplier cybersecurity posture should never be taken at face value. Every organisation, and CNI operators in particular, should conduct comprehensive risk assessments when onboarding new players into their supply chains. Evaluating security strategies and adherence to best practices is a good place to start, but organisations can go further by evaluating alignment with standards such as ISO 27001 and NIST 2.0.

Compliance with these internationally recognised certifications demonstrates a commitment to robust security protocols, giving organisations confidence that the partner they are recruiting will not become a weak link for threat actors to exploit. But vetting should not stop after the initial assessment: regular audits of all partners are essential to identify any new vulnerabilities and to ensure the entire supply chain remains secure.

Third Party Risk Management: Communication is key

A well-defined and agreed-upon risk management programme can be a lifesaver for everyone with a link to the supply chain. It is in every organisation's best interests to be as secure as possible, so partners should disclose any new or potential vulnerabilities they discover to all key players. Having a risk mitigation plan that launches into action across the whole supply chain should a vulnerability or breach be discovered would significantly decrease the likelihood of sensitive data being compromised, and would also block threat actors from moving across the supply chain and infiltrating other networks.

Find the threats at their source

The next, and possibly newest, approach to proactive security is dark web monitoring. Stolen data is often offered for sale on the dark web, an environment where cybercriminals can communicate anonymously. By tapping into dark web intelligence, organisations can stay one step ahead of threat actors, getting an upper hand on both breach prevention and data recovery.

Some benefits of dark web monitoring include:

Data Collection: Dark web monitoring can reveal data breaches that may not have been made public yet, allowing organisations to take the necessary steps to protect themselves. This may include launching their incident response plan earlier than normal and notifying potentially affected individuals or organisations within their supply chain.

Supply Chain Security Monitoring: Proactive monitoring can identify compromised suppliers within the organisation's network before the breach is disclosed, once again allowing for quick mitigation efforts and significantly reducing the impact of the breach.

Incident Response: Data collected from the dark web can inform incident response strategies by helping organisations understand the nature of the breach, allowing them to evaluate the scope of the response that is necessary. In a similar light, it can allow organisations to verify the veracity of a threat. Bad actors will often overstate the amount of data they have stolen to pressure organisations into complying with their demands; dark web monitoring allows organisations to investigate such claims and gain a clearer picture of the actual situation.

In a high-stakes year such as this, breaches are inevitable, but organisations can significantly reduce their risk by taking proactive measures to secure themselves and their supply chains. It is no longer a question of 'if' they suffer a breach but 'when', so preparation is crucial.

URL: Supply Chain Security in Healthcare: Surviving Amid Inevitable Threats https://m.trfsz.com/newsview669806.html