Poor Cyber Supply Chain Risk Management Leads to Healthcare Data Breach
Hackers made off with 2.65 million patient data records belonging to Atrium Health in Charlotte on October 1st. The source of the breach, AccuDoc Solutions, is a third-party vendor providing IT services, medical billing, payment, and document processing.
This breach follows the pattern of previous breaches involving Target and Home Depot, where non-public information was accessed through each organization's supply chain.
This rise in attacks through third parties has led to a new category in the updated NIST Cybersecurity Framework, titled Supply Chain Risk Management. This newly created category entails identifying, assessing, and managing the risks that third parties introduce to your organization's data and critical services.
To protect yourself, it is imperative to include security requirements in the RFP and contracting process, and to enforce those requirements on your third-party vendors. Although the breach occurred outside of Atrium Health, Atrium Health was the company named in the headline.