Cyber Security is a real & ever-present concern for any organization. It is even so in the healthcare sector where there is an enormous amount of data that is sensitive and can be easily used for malicious attack if there are no proper safeguards. While IT and Security plays a bigger role in devising a security solution to meet the organization’s need, Procurement still plays an important role in it because of the access to sensitive data which consist of both internal, clients and supplier information.
Factor #1 – Information at Risk
Procurement being in a strategic role has access to valuable information such as: payment information such as credit card and bank account details; company information and personal information such as patient profile. Other information such as stock records on the medication and supplies are also affected as dispensing the wrong type or in the wrong amount could be critical for the patients involved.
Hackers are aiming for this information because this information are valuable and can be used for malicious purposes such as medical frauds, ransom or death threats. These will cost money to recover. Procurement must be very careful because a cyber security attack could disrupt the digital system and the information obtained can also be used for disruption to control spending.
Factor #2 – Increasing Mobile Threats
With the continued growth in the Bring Your Own Device (BYOD) work environment, more and more professionals are using smartphones that are connected to the WiFi Network. Professionals at work are also viewing multiple inboxes – which are connected to both work and personal accounts – at the same time.
These pose a potential threat to the work environment, where information can slip through without the users realizing his/her accounts have been compromised. With the mobile device being connected on the internal Wi-Fi at work, threats can slip through the security network undetected without the users knowing it.
Factor #3 – Devices connected to Internet of Things (IoT)
Apart from mobile devices, there are other devices or systems within a healthcare setting that are connected to Internet of Things (IoT). These devices or systems may be even more crucial to the healthcare setting as it not only have the personal data of the patients, it also involves the health and safety of the patients. If a crucial system is being knocked offline, the patients will suffer.
Likewise, supply chain threats are potential risks to any healthcare organization. A cyber-attack can introduce unwanted elements in the system and disrupt the entire system such as disruption of daily operations, manipulation of data, the creation of fake devices, and importantly, it will affect business continuity.
The image below shows how a patient data can be accessed by IoT enabled the device in a healthcare setting.
Factor #4 – Reputation at Risk
When a healthcare organization is affected by cyber-attack, how it responds is crucial. Transparency is the key in ensuring reputational damage is mitigated as much as possible.
It is important to note a healthcare organization’s reputation is the most important asset. If a healthcare organization did not do enough in protecting the data that it has, patients will be tempted to choose another service provider whom can better protect their personal data.
Factor #5 – Procurement Role in Cyber Security
Procurement professional must be adequately trained to know the basic fundamentals of cybersecurity. These are usually found in the best practices that can also be found online, as follows:
• Think before opening the attachments or links sent by unknown senders or even from suppliers/colleagues. Verify with them if you find it suspicious.
• Always lock your computer when you are away from the desk to prevent unauthorized access.
• Practice caution when using public Wi-Fi and conscious of the conversations in public. It could lead to public disclosure of confidential information.
• Be aware of the cybersecurity risks. Keep abreast on what are the latest methods being used and think if you are well protected enough.
Cassandra Chng Li Wen, DLSM. (2018). “Seven Key Strategies for Effective Supply Chain Security”. Retrieved from SIPMM: https://publication.sipmm.edu.sg/seven-key-strategies-effective-supply-chain-security, accessed 17 Dec 2018.
Florita Dijamco Adan, DPSM. (2018). “Techniques for Managing Central Supply Store in the Healthcare Sector” Retrieved from SIPMM: https://publication.sipmm.edu.sg/techniques-managing-central-supply-store-healthcare-sector, accessed 25 Dec 2018.
John Nye. (2018). “The Top Four Healthcare Cybersecurity Trends for 2018”. Retrieved from https://cynergistek.com/blog/top-four-healthcare-cybersecurity-trends, accessed 17 Dec 2018.
Keith Murphy. (2017). “Procurement Best Practices to Fight Against Cyber Attacks”. Retrieved from https://www.purchasecontrol.com/blog/cyber-security-procurement, accessed 17 Dec 2018.
Mayra Rosario Fuentes and Numaan Huq. (2018). “Securing Connected Hospitals – A research on Exposed Medical System and Supply Chain Risk.” Retrieved from https://documents.trendmicro.com/assets/rpt/rpt-securing-connected-hospitals.pdf?_ga=2.59872685.1457826955.1545857295-2037357474.1545857295, accessed 24 Dec 2018.
Salwa Rafee. (2018). “2018 Cybersecurity Trends in Healthcare”. Retrieved from https://healthitsecurity.com/features/top-mid-year-healthcare-cybersecurity-trends, accessed 17 Dec 2018.
Yana Arnautova. (2018). “Top Healthcare Industry Trends to Watch in 2018 and Beyond”. Retrieved from https://www.globallogic.com/blogs/top-healthcare-industry-trends-to-watch-in-2018-and-beyond, accessed 17 Dec 2018.