Supply chain attacks are dangerous for those affected and also immensely costly, especially for healthcare organizations, whose main objectives are to improve health and save lives; they do not want to spend money procuring new equipment because of malicious tampering. This further demonstrates the need for the healthcare sector to strengthen its cybersecurity measures to alleviate these challenges.
Although security measures are in place, most rely on human intervention, such as visual inspection within the supply chain. This includes monitoring the alignment of labels, verifying the authenticity of serial numbers, and checking the shape of markings. However, these tasks are very costly and require copious amounts of time, which many organizations simply do not have. Some systems may also not be completely up to date with security protections, and updating them needs to become a priority for the industry.
To mitigate the risks of hacking, organizations should adhere to the principles of trusted computing, and so should every other user, company or supplier in the supply chain. If one stage or process has insufficient security, the entire supply chain becomes more susceptible to hackers, creating significant risk. To address this, the Trusted Computing Group (TCG) has developed the Firmware Integrity Measurement (FIM) specification, which acts as a way to determine the security status of multiple endpoints within a network. It provides guidelines for reviewing the integrity of a device at the manufacturing stage and offers a baseline measurement that allows security results to be compared throughout the supply chain.
The FIM specification verifies that the endpoint device received by the end user matches what they ordered. The FIM can then be measured and compared to the Reference Integrity Measurement (RIM) to detect whether the hardware has been compromised. Thus, at any point in the supply chain, manufacturers can determine the integrity of a device.
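The measure-and-compare step described above, as an added example that is not TCG's code or part of the original article: firmware components are hashed and checked against reference values recorded at manufacturing. The manifest layout, component names and firmware bytes are constructed for illustration and are not the TCG RIM file format.

```python
import hashlib
import hmac

def measure(components: dict) -> dict:
    """Return a SHA-256 hex digest for each firmware component image."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in components.items()}

def compare_to_reference(measured: dict, reference: dict) -> dict:
    """Classify every component; anything outside 'match' fails verification."""
    report = {"match": [], "mismatch": [], "missing": [], "unexpected": []}
    for name, expected in sorted(reference.items()):
        actual = measured.get(name)
        if actual is None:
            report["missing"].append(name)        # component removed or not readable
        elif hmac.compare_digest(actual, expected):
            report["match"].append(name)
        else:
            report["mismatch"].append(name)       # image differs from the baseline
    # Components present on the device but absent from the reference are also a failure.
    report["unexpected"] = sorted(set(measured) - set(reference))
    return report

def device_trusted(report: dict) -> bool:
    return not (report["mismatch"] or report["missing"] or report["unexpected"])

# Constructed sample data (hypothetical component names and contents).
FACTORY_IMAGES = {
    "bootloader": b"constructed bootloader image v1",
    "bmc": b"constructed management controller image v1",
    "nic-option-rom": b"constructed option ROM v1",
}
REFERENCE = measure(FACTORY_IMAGES)   # baseline taken at the manufacturing stage

RECEIVED_IMAGES = dict(FACTORY_IMAGES)
RECEIVED_IMAGES["bmc"] = b"constructed management controller image, altered in transit"
del RECEIVED_IMAGES["nic-option-rom"]
RECEIVED_IMAGES["debug-agent"] = b"constructed extra component"

def check_received_device() -> dict:
    return compare_to_reference(measure(RECEIVED_IMAGES), REFERENCE)

if __name__ == "__main__":
    report = check_received_device()
    for status, names in report.items():
        print(f"{status:10s} {names}")
    print("trusted:", device_trusted(report))
```

The comparison is only as trustworthy as the reference values themselves, so a deployment would also authenticate them (for example with a manufacturer signature) before use; that step is omitted here.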
TCG’s aim is to reduce the risk of cyberattacks to zero by having cybersecurity professionals educate and put cybersecurity at the top of the agenda, so that industries such as the healthcare sector will be protected from threats. Adhering to the measures provided by TCG will help minimize these risks and prevent attacks from occurring by ensuring that the different stages of the supply chain are verified before the equipment physically arrives at the hospital. Organizations must actively put measures in place to use the tools and technologies that detect malware, so that cybersecurity does not become a bigger issue. Thus, it is of the utmost importance for each player in the supply chain to do their part and take a security-first approach.
Over time, hackers will keep evolving and becoming more sophisticated as more people rely on the Internet and digital technology. Therefore, it is critical to keep security measures up to date in all sectors, but especially in the healthcare sector, where lives are at stake. Organizations and individuals working along the supply chain should continuously monitor the components, technologies, and practices as supply chains become increasingly complex.