Supply Chain, Cloud Compromise Worries Growing in HealthcareRyan Witt of Proofpoint Discusses Study of Healthcare IT Security Pros' Top Concerns
Supply chain attacks and cloud compromises are now overshadowing ransomware as top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of security vendor Proofpoint about findings from a new study conducted with research firm Ponemon Institute.
The study of 653 healthcare IT and security professionals released Wednesday found that concerns about ransomware as the top cyber threat have dipped.
Meanwhile, apprehension about supply chain attacks and other incidents affecting patient care has grown since the firms' inaugural study on similar topics last year.
"Healthcare has a very strong supply chain network," Witt said. "Many covered entities are wholly reliant on their vast number of business associates to go help them provide all forms of patient care - some that are directly involved in the patient care process, others that are enabling functions that support the broader institution."
"It's no surprise that the threat actors understand that ecosystem more and more, and they try to exploit those relationships," he said in an interview with Information Security Media Group.
At the same time, the healthcare supply chain and public cloud are also increasingly linked, where third-party services, such as invoicing and medical supply distribution, interact with - or rely - on the cloud, he said.
"If you're reliant on a business associate who's providing some sort of key components or key aspects of the patient care process, like bandages and medication, and a supply chain attack is one of the reasons they are delayed, that definitely has an adverse outcome," he said.
"The big takeaway is that there's a growing recognition that there is a connection between a porous cybersecurity posture or challenges in a cybersecurity environment, and how that directly can impact patient care."
In the interview (see audio link below photo), Witt also discusses:
- Other key perceptions about cyberattack trends and related patient safety issues;
- Why ransomware attacks likely declined as the top cyberthreat concern among survey respondents;
- How healthcare sector entities should exercise vigilance against an anticipated surge in email phishing attacks and social engineering scams related to the Israel-Hamas conflict.
Witt, vice president at Proofpoint, is responsible for the strategy and solutions for the company's healthcare business. He also chairs Proofpoint's healthcare advisory board and is currently serving a two-year term on the HIMSS Cybersecurity, Privacy and Security Committee. Prior to Proofpoint, Witt held healthcare leadership positions at Fortinet and Juniper Networks and led both companies' healthcare advisory boards.