The energy sector, like the healthcare sector are both identified by CISA as critical infrastructure and they both need to be protected from cyber-crime. Many small rural electric cooperatives and municipal utility providers suffer the same risks as rural hospitals and other small entities that have insufficient cybersecurity protections and resources, putting them at risk of a cyber-crime and business disruption affecting others. This item from the healthcare community is also germane to the utility industry.
Third-party technology policing
Notably, 58% of the 77.3 million individuals affected by healthcare data breaches in 2023 were impacted by anΒ attack on a third-party providerΒ β a 287% increase compared to 2022, according to HSCC.
One respondent told the working group about "the need to address unregulated third-party technology and service vendors to improve their security when they connect to or are installed in health provider networks."
Unregulated third-party technology and service providers are a key threat vector and incur costly third-party risk management demands, HSCC agreed.
"Health providers should not bear the sole burden for policing their vendors," members of the working group said. "Such third parties must be held to an enforceable higher cybersecurity standard when they support critical healthcare infrastructure where lives are at risk."Β