Six Crucial Factors on Cyber Security for Healthcare Procurement

Written by David Toh Rongli, ADPSM

by David Toh Rongli, ADPSM

Six Crucial Factors on Cyber Security for Healthcare Procurement

Written by David Toh Rongli, ADPSM

by David Toh Rongli, ADPSM

by David Toh Rongli, ADPSM

Cyber Security is a real & ever-present concern for any organization. It is even so in the healthcare sector where there is an enormous amount of data that is sensitive and can be easily used for malicious attack if there are no proper safeguards. While IT and Security plays a bigger role in devising a security solution to meet the organization’s need, Procurement still plays an important role in it because of the access to sensitive data which consist of both internal, clients and supplier information.

The image below shows the interconnectivity between all the data.

Factor #1 – Information at Risk

Procurement being in a strategic role has access to valuable information such as: payment information such as credit card and bank account details; company information and personal information such as patient profile. Other information such as stock records on the medication and supplies are also affected as dispensing the wrong type or in the wrong amount could be critical for the patients involved.

Hackers are aiming for this information because this information are valuable and can be used for malicious purposes such as medical frauds, ransom or death threats. These will cost money to recover. Procurement must be very careful because a cyber security attack could disrupt the digital system and the information obtained can also be used for disruption to control spending.

Factor #2 – Increasing Mobile Threats

With the continued growth in the Bring Your Own Device (BYOD) work environment, more and more professionals are using smartphones that are connected to the WiFi Network. Professionals at work are also viewing multiple inboxes – which are connected to both work and personal accounts – at the same time.

These pose a potential threat to the work environment, where information can slip through without the users realizing his/her accounts have been compromised. With the mobile device being connected on the internal Wi-Fi at work, threats can slip through the security network undetected without the users knowing it.

Factor #3 – Devices connected to Internet of Things (IoT)

Apart from mobile devices, there are other devices or systems within a healthcare setting that are connected to Internet of Things (IoT). These devices or systems may be even more crucial to the healthcare setting as it not only have the personal data of the patients, it also involves the health and safety of the patients. If a crucial system is being knocked offline, the patients will suffer.

Likewise, supply chain threats are potential risks to any healthcare organization. A cyber-attack can introduce unwanted elements in the system and disrupt the entire system such as disruption of daily operations, manipulation of data, the creation of fake devices, and importantly, it will affect business continuity.

The image below shows how a patient data can be accessed by IoT enabled the device in a healthcare setting.

Factor #4 – Reputation at Risk

When a healthcare organization is affected by cyber-attack, how it responds is crucial. Transparency is the key in ensuring reputational damage is mitigated as much as possible.

It is important to note a healthcare organization’s reputation is the most important asset. If a healthcare organization did not do enough in protecting the data that it has, patients will be tempted to choose another service provider whom can better protect their personal data.

Factor #5 – Procurement Role in Cyber Security

Procurement professional must be adequately trained to know the basic fundamentals of cybersecurity. These are usually found in the best practices that can also be found online, as follows:

• Think before opening the attachments or links sent by unknown senders or even from suppliers/colleagues. Verify with them if you find it suspicious.

• Always lock your computer when you are away from the desk to prevent unauthorized access.

• Practice caution when using public Wi-Fi and conscious of the conversations in public. It could lead to public disclosure of confidential information.

• Be aware of the cybersecurity risks. Keep abreast on what are the latest methods being used and think if you are well protected enough.

Procurement also has to set rules to help to protect the suppliers as well as the healthcare organization from unexpected cyber-attacks coming through the suppliers. As there is no way to know if the supplier has robust cybersecurity settings or standards, procurement has to consider the rules to safeguard the organization.

Procurement knows sharing of data is inevitable and crucial to supplier and organization in order to reach a common goal. Making sure the data is secured is a good way of ensuring work can still be done efficiently yet being well protected. The ones who can access to the information will only be those need-to-know bases and relevant parties involved in it. Likewise, procurement has to consider the idea of what supplier can do with the information that is available to them.

Factor #6 – Preparation in event of Cyber Security Attack

In the event of a cybersecurity breach, there should be a contingency plan so that the staff will know who to inform. As time matters in cybersecurity attack, it is important to bring it up at the soonest. IT & Security should come out with an incident response plan and this should be communicated to all staff on board. Adequate training can be provided to all staff in the healthcare setting, according to their roles and responsibilities. Procurement professional can also consider to attend conferences to ensure knowledge is up to date.


As procurement will continue to grow within the healthcare organizations, they have to be aware on how to protect the valuable data they are handling on a daily basis with care. Apart from getting procurement professional to be adequately trained on good cybersecurity practices, others important factors such as implementing rules for suppliers and having a clear incident response plan will also help to ensure procurement will play an important role in the healthcare organization cybersecurity landscape. On top of its role as a cost-saving function, Procurement has the additional role of the gatekeeper to ensure the healthcare organization’s data is not compromised.

Cassandra Chng Li Wen, DLSM. (2018). “Seven Key Strategies for Effective Supply Chain Security”. Retrieved from SIPMM:, accessed 17 Dec 2018.

FloritaDijamco Adan, DPSM. (2018). “Techniques for Managing Central Supply Store in the Healthcare Sector.” Retrieved from SIPMM:, accessed 25 Dec 2018.

John Nye. (2018). “The Top Four Healthcare Cybersecurity Trends for 2018”. Retrieved from, accessed 17 Dec 2018.

Keith Murphy. (2017). “Procurement Best Practices to Fight Against Cyber Attacks”. Retrieved from, accessed 17 Dec 2018.

Mayra Rosario Fuentes and NumaanHuq. (2018). “Securing Connected Hospitals – A research on Exposed Medical System and Supply Chain Risk.” Retrieved from, accessed 24 Dec 2018.

SalwaRafee. (2018). “2018 Cybersecurity Trends in Healthcare”. Retrieved from, accessed 17 Dec 2018.

Yana Arnautova. (2018). “Top Healthcare Industry Trends to Watch in 2018 and Beyond”. Retrieved from, accessed 17 Dec 2018.

About the Author: David Toh has substantive years of experience in purchasing, inventory and logistics management, specifically in the construction industry. He is currently involved in the Healthcare sector focusing on Integrated Long-Term Care for the elderly. He is a member of the Singapore Institute of Purchasing and Materials Management (SIPMM). David completed the Advanced Diploma in Procurement and Supply Management (ADPSM) course on January 2019 at SIPMM.