As an organization in the healthcare sector, you will have a secure infrastructure in place to protect the data of your patients and employees, with strong authentication (possibly PKI-based) to ensure that only the right people have access to relevant data.
However, what happens in your supply chain? The same systems do not work there, and you can’t be sure that the people who have access to supplier systems are who they claim to be.
With a long list of suppliers, such as pharmacists, insurance providers and even medical device manufacturers, how can you make sure the data you share externally remains encrypted in transit and isn’t at risk of being hacked, and how can you protect your sensitive data from being breached?
It’s not just about ensuring your own networks and systems are secure; you also need to ensure that the organizations you do business with in your supply chain have robust security systems in place too. It only takes one weak link for sensitive data to be exposed. This is not just good practice; it is also a HIPAA compliance requirement, which states that all individually identifiable health information is protected. Any information you share with your supply chain needs to be secured to cut the risk of a data breach.
So what can you do to ensure that your supply chain partners are as robust at cyber security as you?
- Choose only trusted suppliers who comply with HIPAA.
- Limit access to private health information to only those who truly need it.
- Ensure you have confidence in the identity of people connecting to your systems; you should deploy a credential management system to enforce corporate policy.
- Ensure you have policies detailing the use and access requirements for data that extends to your supply chain.
- Have auditable records in place so you know who has access and can see what information they are accessing.
- Adopt FIDO-based multifactor authentication (MFA), with a simple, secure method of credential management for devices that fall outside of your organization’s direct control.
By incorporating a credential management system within your cyber security infrastructure, you can reduce the risk of cyberattacks significantly. You can have confidence that the people accessing your systems are who they claim to be.
Intercede offers FIDO as part of its MyID® solution, providing high security authentication with a simple user experience. It enables your employees to access all the resources they need to be able to carry out their work, but within secured environments which allow visibility, control, and lifecycle management of individual credentials.
Easy to use and deploy, the FIDO and MyID solution integrates well with your existing IT infrastructure.
To find out more about securing your data through your supply chain, read our white paper, Secure Healthcare Provision: Identity and Authentication.