Cyber Security is a real and ever-present concern for any organization. This is even more so in the healthcare sector, where there is an enormous amount of sensitive data that can easily be used for malicious attacks if there are no proper safeguards. While IT and Security play a bigger role in devising a security solution to meet the organization’s needs, Procurement still plays an important role because of its access to sensitive data, which consists of internal, client and supplier information.
The image below shows the interconnectivity between all the data.
Factor #1 – Information at Risk
Procurement, being in a strategic role, has access to valuable information: payment information such as credit card and bank account details, company information, and personal information such as patient profiles. Other information, such as stock records on medication and supplies, is also affected, as dispensing the wrong type or the wrong amount could be critical for the patients involved.
Hackers target this information because it is valuable and can be used for malicious purposes such as medical fraud, ransom or death threats. Recovering from these costs money. Procurement must be very careful, because a cyber security attack could disrupt the digital system, and the information obtained can also be used to disrupt the control of spending.
Factor #2 – Increasing Mobile Threats
With the continued growth in the Bring Your Own Device (BYOD) work environment, more and more professionals are using smartphones that are connected to the Wi-Fi network. Professionals at work are also viewing multiple inboxes – which are connected to both work and personal accounts – at the same time.
These pose a potential threat to the work environment, where information can slip through without users realizing their accounts have been compromised. With the mobile device connected to the internal Wi-Fi at work, threats can slip through the security network undetected, without the users knowing it.
Factor #3 – Devices Connected to the Internet of Things (IoT)
Apart from mobile devices, there are other devices or systems within a healthcare setting that are connected to the Internet of Things (IoT). These devices or systems may be even more crucial to the healthcare setting, as they not only hold the personal data of the patients but also involve the health and safety of the patients. If a crucial system is knocked offline, the patients will suffer.
Likewise, supply chain threats are potential risks to any healthcare organization. A cyber-attack can introduce unwanted elements into the system and disrupt it entirely, through disruption of daily operations, manipulation of data and the creation of fake devices. Importantly, it will affect business continuity.
The image below shows how patient data can be accessed by an IoT-enabled device in a healthcare setting.
Factor #4 – Reputation at Risk
When a healthcare organization is affected by a cyber-attack, how it responds is crucial. Transparency is the key to ensuring reputational damage is mitigated as much as possible.
It is important to note that a healthcare organization’s reputation is its most important asset. If a healthcare organization does not do enough to protect the data that it has, patients will be tempted to choose another service provider who can better protect their personal data.
Factor #5 – Procurement’s Role in Cyber Security
Procurement professionals must be adequately trained in the fundamentals of cybersecurity. These are usually covered in best practices that can also be found online, as follows:
• Think before opening the attachments or links sent by unknown senders or even from suppliers/colleagues. Verify with them if you find it suspicious.
• Always lock your computer when you are away from the desk to prevent unauthorized access.
• Practice caution when using public Wi-Fi and be conscious of your conversations in public. They could lead to public disclosure of confidential information.
• Be aware of the cybersecurity risks. Keep abreast of the latest methods being used and consider whether you are well enough protected.
Procurement also has to set rules to help protect the suppliers, as well as the healthcare organization, from unexpected cyber-attacks coming through the suppliers. As there is no way to know if a supplier has robust cybersecurity settings or standards, procurement has to consider rules that safeguard the organization.
Procurement knows that sharing data is inevitable and crucial for the supplier and the organization to reach a common goal. Making sure the data is secured is a good way of ensuring work can still be done efficiently while remaining well protected. Access to the information should be limited, on a need-to-know basis, to the relevant parties involved. Likewise, procurement has to consider what a supplier can do with the information that is available to them.
Factor #6 – Preparation in the Event of a Cyber Security Attack
In the event of a cybersecurity breach, there should be a contingency plan so that staff know who to inform. As time matters in a cybersecurity attack, it is important to raise it as soon as possible. IT & Security should come up with an incident response plan, and this should be communicated to all staff. Adequate training can be provided to all staff in the healthcare setting, according to their roles and responsibilities. Procurement professionals can also consider attending conferences to ensure their knowledge is up to date.
As procurement continues to grow within healthcare organizations, its professionals have to be aware of how to protect, with care, the valuable data they handle on a daily basis. Apart from ensuring procurement professionals are adequately trained in good cybersecurity practices, other important factors, such as implementing rules for suppliers and having a clear incident response plan, will also help ensure that procurement plays an important role in the healthcare organization’s cybersecurity landscape. On top of its role as a cost-saving function, Procurement has the additional role of gatekeeper, ensuring the healthcare organization’s data is not compromised.