
The Dangers of Over-Relying on Too Few Critical Vendors

CISO Jigar Kadakia on Business Continuity Gaps Exposed by Change Healthcare Breach
Jigar Kadakia, CISO, Emory Healthcare

Many healthcare organizations have discovered major gaps in business operations preparedness - the ability to quickly rebound from major IT disruptions, such as those caused by the Change Healthcare cyberattack. Jigar Kadakia, CISO of Emory Healthcare, said it's time to come up with a Plan B.

"The biggest issue I've seen from an incident response perspective has not been the 'incident response' itself, but more around the business operations, business continuity aspects," he said.

Security teams had been responding to incidents with the same playbook, but the Change Healthcare attack and subsequent lengthy outage changed all that.

"Change Healthcare, for example, is one-third of a $5 trillion ecosystem for healthcare. Thousands of organizations leverage Change for different services, and most did not have a backup plan or alternative plan during their outage. So, they were all impacted," Kadakia said.

Many healthcare entities, including smaller hospitals and medical practices, had to take out loans just to continue functioning during the IT outage, he said, and in extreme cases, some had to shut down their businesses. "They were never prepared."

"Postmortem on these types of attacks: Does the business have alternative options? Can they turn things on in the event of a negative event in their workspace? Most organizations rely on one vendor, and that has impacted them immensely."

In this audio interview (see audio link below photo) at the HealthSec Summit USA in Boston, Kadakia also discussed:

  • Steps his organization has been taking to improve incident response preparedness;
  • Consolidation among vendors in the security product space;
  • Promising developments in security technology.

Kadakia, who leads security at Emory Healthcare, an Atlanta, Georgia-based healthcare system, previously served for nearly a decade as vice president, CISO and privacy officer for Mass General Brigham, formerly Partners HealthCare. He previously spent more than 20 years consulting, delivering, developing and managing privacy and cybersecurity implementations for large, complex healthcare companies. Kadakia is a managing board member of the Health Information Sharing and Analysis Center.
