
Be The Strongest Link In Your Organization’s Supply Chain

Jul 20, 2021

A Singular Aspect of Risk Management

As a security and privacy practitioner, you understand the importance of risk management. Perhaps you are a member of the risk management committee in your organization, or you may serve in an advisory role for that committee. The enormous task of risk management requires careful thought and consideration.

Some aspects of a complete risk management plan include the acknowledgment of known vulnerabilities, as well as predictions about unknown vulnerabilities. Topics such as security awareness training, threat management, access control, incident response, risk mitigation, and many others must be taken into consideration.

While the majority of risk management processes focus on internal operations of the organization, the rise of vulnerabilities from trusted external partners is also a significant part of the risk management process. External partners form a substantial part of the supply chain in any organization. In a healthcare environment, there are unique risks associated with these supply chains.

What is the supply chain?

The supply chain can be thought of as anything outside an organization’s own sphere that provides goods or services to that organization. This exposes many necessary dependencies in the normal functioning of a business. The supply chain is not limited to physical devices. In many cases, a supply chain can include data, and in the new world of computing, many parts of cloud-based systems are part of a supply chain. Although the cloud is designed as a secure system, it is a shared responsibility, and examples of misconfiguration vulnerabilities can be very damaging.

All of these dependencies must be viewed with a critical eye. As was demonstrated in the Covid-19 pandemic, a supply chain disruption for something as seemingly simple as a surgical mask can become a critical item in an emergency. Similarly, targeted attacks against medical data also highlight the risks of supply chain disruption.

Risks To The Healthcare Supply Chain Are Diverse And Varied

In any profession, some risks to the supply chain include shared items, such as vendor patches and virus updates. These can be time-sensitive, and any implementation delays can cause disruptions to the normal flow of the business.

In the healthcare field, supply chain disruptions include those and many more, such as hardware recalls, medication manufacturer notices, and the proliferation of Internet of Medical Things (IoMT) devices. All of these pose risks that can disrupt a healthcare facility. Supply chain disruptions can be problematic for any business, but when patient health is at stake, as it is in the healthcare field, prevention of these disruptions carries a higher urgency.

How Long Is The Chain In Your Organization?

Ever since the Target Breach of 2013, vendor management has become an important concern for most companies. Prior to that, in 2008, the Cyber Supply Chain Risk Management (C-SCRM) program was already underway at the National Institute of Standards and Technology (NIST).

Further publications have extended supply chain guidance to non-federal systems as well.

When one considers the number of possible vendors for any business entity, it becomes clear that a supply chain may be much longer than initially anticipated. In the healthcare field, the supply chain list for even a small medical practice can extend into the hundreds. Along with the lengthy list come the rising costs associated with an increasing number of supply chain providers. One estimate anticipates that by 2022, health facility supply chain costs will exceed facility labor costs.

Part of the HIPAA security standards rule prescribes that “business associates” adhere to strict security measures to ensure the confidentiality, integrity, and availability of protected data. This opens up an entirely new area of practice for someone with specialized training in healthcare security and privacy.

Isn’t this simply a logistical problem?

Many security practitioners entered the profession with the dream of being an elite hacker. This is an admirable goal, but it is a narrow focus within a very large field. Over the course of a security practitioner’s professional development, other avenues become available that can be equally interesting and rewarding. Supply chain management is indeed logistical, but it is also intertwined with security and privacy concerns.

The healthcare profession needs trained security personnel who understand the critical role that supply chain management plays in the smooth and secure operation of a medical facility.

Effective processes, structure, and remediation are all part of supply chain security. A strong, practical understanding of these skills can make you the strongest link in your organization’s supply chain.

Which Training is the Best?

Whenever the subject of training is presented, one always wonders, “Which training is the best?” This is understandable, as no one wants to waste time with a training program that offers no tangible benefits. Unfortunately, in the field of healthcare information security, there are not many training offerings. A deeper understanding of security and privacy in a healthcare environment from a practical level is required. Risk management is part of that deeper understanding. The only training that presents a complete platform is the Healthcare Information Security and Privacy Practitioner (HCISPP) credential offered by (ISC)².

How the HCISPP Certification Can Help You to Succeed

The HCISPP Common Body of Knowledge (CBK) includes all aspects of security and privacy in a healthcare setting. The information gained through the study of the CBK is not only useful in achieving the certification, but it offers actionable, practical knowledge for any security practitioner in the healthcare field. Attaining the HCISPP certification shows a dedication to the healthcare security profession, which translates to a more valuable member of a healthcare security team.

If you are currently a security practitioner working in the healthcare field, or you are looking to enter the area of healthcare security, the Healthcare Information Security and Privacy Practitioner (HCISPP) certification offered by (ISC)² is the perfect vehicle to enhance your knowledge and skills. Not only does this credential give you the skills you need to function at the highest levels of a healthcare organization, but it shows your employer that you possess specialized knowledge and dedication specific to the healthcare profession.

Download our white paper, Not All Life Savers Wear White Coats, to learn more about supply chain security challenges in the healthcare industry.