Cyberattacks in healthcare rise, with supply chain breaches most damaging, affect patient care due to the level of disruption generated. An example of such an incident has taken place within the U.S.
Dr. Howard Goodman, Sr. Technical Director at Skybox, has discussed the news that a company manufacturing products for heart surgeries reported a disruption in its delivery systems due to a pre-Thanksgiving ransomware attack with Digital Journal.
Goodman sets out the recently discovered cybersecurity incident: “A recent ransomware attack against a key supplier of life-saving heart surgery equipment underscores the fragile nature of today’s healthcare supply chains.”
Explaining the ramifications, Goodman states: “When even one link in this chain is compromised, the impact can radiate through hospitals, patients, and partners. This incident highlights the urgent need for a more proactive and holistic cybersecurity strategy within the healthcare ecosystem.”
Based on the attack there are lessons that the wider industry can learn from. Goodman outlines the core activities that firms should be considering: “A robust defence involves more than following a checklist of rules. Organizations must map out potential attack paths—detailing how a threat actor could move through interconnected systems—and then take measures to close these gaps before an attack occurs.”
There are other activities for companies to engage in, states Goodman: “This also means enforcing strict “access compliance,” ensuring that only authorized individuals can reach certain data or systems, and establishing “device compliance” so that every piece of medical equipment meets agreed-upon security standards. Coupled with a vigilant analysis of all potential attack vectors, these efforts foster a stronger, more resilient defence posture.”
An important example of this is the paradigm of Continuous Threat Exposure Management (CTEM). Goodman says these are “frameworks help organizations detect risks earlier and respond more decisively. By continually stress-testing their defences, security teams can uncover vulnerabilities and fix them before a crisis hits. When combined with ongoing training, prompt patching, and rigorous oversight of third-party vendors, healthcare providers create an environment that is not only resistant to ransomware and other threats but also capable of sustaining patient trust and care quality.”
Goodman poses a warning going forwards: “In the face of evolving challenges and opportunistic attacks—especially during high-stress periods like holidays—these measures do more than just plug security holes. They help build a dependable, adaptable, and secure healthcare infrastructure, ensuring that patient well-being remains at the heart of every connected decision.”
