The Domino Effect: Understanding Supply Chain Attacks in Healthcare
A Product of the Health-ISAC UCF Internship Program, spearheaded By: Taylor Porter, Gabriel Saavedra
Glean insights into the current state of supply chain risk management and its future. These insights can provide CISOs with questions to inform how their cybersecurity teams can best identify and mitigate risks in their environments.
The June 2023 cyberattack on Progress MOVEit demonstrated how threat actors can target an organization’s supply chain through third-party and partner connections to cause disruptions across multiple sectors. Other recent major cyberattacks include SolarWinds, Kaseya, NMP IconBurst, and Cyber Av3ngers Unitronics. These attacks demonstrate how threat actors with varying intents and capabilities can exploit vulnerabilities within a supply chain. By attacking a third-party entity to target an organization (or set of organizations), threat actors can circumvent a strong security infrastructure by exploiting the supply chain itself as a springboard by exploiting previously unknown vulnerabilities, or zero-days.
Examining these attacks can allow us to glean insights into the current state of supply chain risk management and its future. These insights can provide CISOs with questions to inform how their cybersecurity teams can best identify and mitigate risks in their environments. These questions can expose the range of possible attack vectors like security misconfigurations, such as leaving default passwords unchanged, or the use of open-source code in products, which can be sabotaged by threat actors. Answering these questions can also assist in maximizing an organization’s security infrastructure and understanding the security posture of a third party that may be operating a critical business function. Supply chains attacks will continue to be prevalent in critical infrastructure sectors moving forward as threat actors seek to prey on the reliance of their services. However, this can be mitigated by developing a strong security infrastructure, forward-thinking CISOs asking their teams the right questions, and promoting a culture of cyber resilience by engaging in information sharing and developing relationships with peers, partners and public sector agencies.
