Healthcare CISOs face the unique challenge of protecting highly sensitive data against a staggering number of attack vectors.

From vulnerabilities in medical devices, to securing legacy systems and managing third-party risk, a single vulnerable link in your supply chain can compromise the security of your entire organization, posing significant risks to patient safety and data integrity. Recent cyberattacks against Change Healthcare, Philips and others exemplify the critical need for robust supply chain security measures, including comprehensive vendor risk assessments, securing medical devices and software, and the necessity of continuous monitoring and rigorous security protocols.

Recognition that each interaction and transaction within the supply chain can introduce potential risks is crucial for maintaining a comprehensive security framework. This session will take a deep dive into the many aspects of supply chain security, emphasizing a holistic approach to preventing, detecting and mitigating threats to critical operations and delivery of care.

Key takeaways include:

• Vendor risk assessments: Evaluate the security posture of suppliers and third-party vendors, focusing on those handling sensitive patient data and critical infrastructure;
• Advanced security controls: Implement measures like code signing, software integrity verification and secure boot mechanisms to protect connected medical devices and other components;
• Contractual security requirements: Establish SLAs and contracts with stringent security clauses to ensure vendor accountability.