In a stark reminder of the growing threat posed by cyberattacks, Betsy Hodge, a regulatory attorney with Akerman LLP, emphasized the importance of robust supply chain management within the healthcare sector during an interview with Information Security Media Group. The past year has revealed the critical need for healthcare organizations to plan for potential disruptions instigated by cyber incidents affecting third-party vendors, particularly those that provide essential services.
Hodge highlighted that understanding the intricacies of a healthcare organization’s supply chain is more crucial than ever. “It’s vital to vet mission-critical vendors thoroughly and develop contingency strategies,” she stated. This guidance comes in light of a series of significant disruptions observed in 2024, where organizations supplying critical IT services and life-saving resources, such as blood, faced aggressive cyberattacks that severely impacted their operations and client relationships.
To mitigate risks, Hodge advocates for the adoption of multiple vendor arrangements for particular products and services. By doing so, organizations can ensure continuity of operations. “If one vendor encounters a cyber incident, having a secondary vendor can minimize the operational disruption,” she explained. This approach not only safeguards patient care but also protects the integrity of healthcare providers’ operations.
As these attacks proliferate, Hodge recommends that healthcare organizations prioritize their vendor risk assessments. “Organizations should apply heightened cybersecurity diligence to high-risk vendors, particularly those servicing mission-critical areas,” she advised. This could involve implementing security questionnaires, conducting thorough audits, and engaging in proactive monitoring to identify potential vulnerabilities. With the increasing complexity of cyber threats, it is imperative that businesses equip themselves with robust cybersecurity frameworks.
Looking ahead, Hodge foresees a continuing wave of supply chain vulnerabilities. She noted that incidents within a downstream vendor could catalyze widespread implications for all affiliated healthcare entities. The interconnected nature of these services means that a single breach can reverberate across multiple organizations, escalating the threat landscape.
During her interview, Hodge also touched on essential planning strategies to handle potential IT disruptions stemming from mission-critical third-party suppliers. With the regulatory environment continuously evolving, she addressed how healthcare entities can best navigate forthcoming state and federal regulations—while ensuring compliance with existing legal frameworks amidst uncertain political enforcement climates.
Moreover, Hodge raised pertinent issues regarding the implications of artificial intelligence in healthcare, underscoring the need for regulatory frameworks that address emerging technologies in a rapidly changing environment. As AI and other advanced tools become more integrated into healthcare delivery, organizations must remain vigilant regarding associated cybersecurity risks.
Hodge, who serves as a partner at Akerman and leads the firm’s healthcare and data privacy practices, brings extensive expertise in regulatory issues affecting providers, payers, and employer-sponsored health plans. As chair of the American Health Law Association’s Health and Information Technology Practice Group, she is well-positioned to influence ongoing discussions around healthcare law and cybersecurity.
In this ever-evolving landscape, business owners must remain proactive in their cybersecurity strategies to guard against emergent threats. By utilizing frameworks such as the MITRE ATT&CK Matrix, organizations can identify and address various adversarial tactics and techniques—enabling better preparedness in the face of potential cyber incursions. The time to evaluate and strengthen cybersecurity measures is now, as the implications of inaction can be dire for healthcare entities and their patients alike.
