Budget and capability challenges are contributing to persisting supply chain risk management issues across the healthcare sector, a new survey done by Ponemon Institute in place of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group stated.
More significant than 400 IT and IT security practitioners participated in the survey, all actively involved in their association’s supply chain risk management program. The results showed ongoing critical challenges across the sector as organizations face challenges in maintaining basic supply chain risk management plans.
For instance, only 19 percent of survey respondents stated having a complete inventory of their institutions’ suppliers. Smaller organizations were three times more usual to have no stock whatsoever.
Moreover, 20 percent of respondents stated that they only conduct security results of business-critical suppliers when a security incident occurs, while 24 percent reported that they perform these assessments on an ad-hoc basis.
The survey also highlighted a need for standardized language in security contracts, a deficit of integration between procurement and contracting teams and the supply chain risk management plan, and a need for supplier cooperation.
When asked to identify their business’s barriers to having a good supply chain risk management program, 59 percent of participants cited a need for more in-house expertise. Respondents also pointed to a need for more support from senior leadership and a formal budget solely for supply chain risk management.
“The survey shows that healthcare organizations of all sizes still face an uphill struggle to effectively manage cyber risk across the supply chain plan, with smaller organizations still facing critical issues in the resources and budget allocated to them,” Greg Garcia, HSCC executive director, demonstrated in a simultaneous press release.
Fifty-seven percent of more minor associations reported having annual supply chain risk management allocations of $500,00 or less. In comparison, 51 percent of more prominent organizations reported consisting of budgets between $1 million and $5 million.
Budget is one of many challenges that are exacerbated among smaller healthcare organizations. More than a third of observed organizations said they needed to assess risks through how new suppliers will impact patient care results. Smaller organizations were more than twice as usual to report this gap than larger institutions.
The program highlighted several areas of improvement for supply chain risk management groups to focus on in the immediate destiny. Integrating procurement and hiring teams, maintaining a reliable inventory, and evaluating potential patient care results when evaluating vendors can help businesses better manage supply chain risk and further prioritize patient protection.
Even with a little budget, organizations can leverage free resources to improve their supply chain risk management poses.
HSCC encouraged organizations to embrace the National Institute of Standards and Technology’s Cyber Security Framework supply chain management practices (HIC-SCRiM), a guide aimed at supporting small and mid-sized healthcare organizations to maintain a successful supply chain risk management agenda. Large organizations and industry organizations can also use the directory to raise an understanding of supply chain risks across the area.
“The healthcare supply chain team is underneath an increasing amount of pressure to move fast while managing a multitude of risks during the procurement process,” illustrated Ed Gaudet, CEO, and founder of Censinet and HSCC Supply Chain Cybersecurity Task Group Expert.
“As cyberattacks like ransomware become more refined, this survey hammers home the critical need for automation and actionable risk insights to support supply chain leaders effectively manage inventory, cyber threat, fraud, safety, and supplier monotony.”