Battling Supply Chain Security RisksRick McElroy of Carbon Black on 'Island Hopping' and Other Threats
Security incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black.
Healthcare sector organizations "have a very long supply chain," ranging from medical devices to office support services, he says in an interview with Information Security Media Group.
Organizations have to secure patient data throughout that supply chain, he points out. "And we've seen a massive rise in what we call 'island hopping' attacks [that] leverage downstream suppliers whether they're connected via business VPNs or devices coming in that the adversaries are going after, and getting into the [healthcare] organizations.
"Healthcare is actually increasing its security spend and resiliency to cyberattacks, but its downstream providers are not."
McElroy advises healthcare organizations to "drive up the visibility into the adversarial chain. They need to deploy both network- and endpoint-based technology that can actually see those attacks, put the whole picture together and give the team tools to respond faster."
In the interview (see audio link below photo), McElroy also discusses:
- Other critical steps to bolster security;
- The growing importance of and DevSecOps in the healthcare sector;
- Dark web trends involving health data;
- Key findings from Carbon Black's cyberthreat report examining the healthcare sector.
McElroy, head of security strategy for Carbon Black, has 20 years of information security experience, including security positions with the U.S. Department of Defense and in several industries including retail, insurance, entertainment, cloud computing, and higher education.