Using automation to handle healthcare's supply chain
The healthcare industry’s risk landscape is more complex than ever. From supply and worker shortages to ransomware attacks and more, disruption risks are rising in frequency and severity. Unfortunately for most organisations, clear visibility into these issues remains extremely low.
After a tumultuous year and a half of COVID-19 and the resulting worldwide disruption, many leaders are seeking a more proactive approach to supply chain and third-party risk. With the right risk management approach, healthcare organizations can be better prepared for upcoming risks of disruption to ensure continuity, resiliency and most importantly, the trust and safety of patients.
Risks to beware: supply & service disruptions
It would be extremely difficult to find a healthcare organization that was immune to the supply-chain disruptions experienced during the pandemic. Before COVID, if a supplier couldn’t deliver, healthcare organisations could leverage alternate sources. But all of that changed in March 2020 when disruption occurred at such an unprecedented global level. Shortages and service disruptions became impossible to avoid by most who lacked clear visibility into their supply chains.
COVID-19 brought significant risks to organisations through their third-party service providers. For example in the early stages of the pandemic, call centre activity increased by 300% in just a matter of days. As COVID-19 spread, the call volumes reached over 800% higher than normal pre-pandemic levels. This significantly increased outages and lowered performance as third parties struggled to handle the increased demand. Additionally, some call centres reported seeing incidents of fraud increase as much as 150% compared to pre-pandemic levels and a significant number saw double digit increases – at minimum.
Beyond the physical supply shortage issues, today healthcare organizations are also facing a critical talent shortage. Hospitals all over the country – from Texas to New Jersey and everywhere in between – are struggling to fill open positions. Complicating the issue further, nurses are retiring earlier than expected from the extreme levels of pandemic related stress, leaving hospitals at high risk of failing to provide patient care.
Risks to foresee: data (un)protection
As the healthcare industry is a critical part of our national infrastructure, it is an ideal target for malicious foreign entities looking to foster chaos in the US. As a result, Protected Health Information (PHI) holds high value to hackers looking to cash out on the black market. Attacks reached a record level throughout the pandemic – and unfortunately, it’s predicted to get much worse.
In 2020, 560 healthcare organisations were victims of ransomware attacks, costing over $20.8 billion – double 2019 costs. Healthcare organisations are also forced to consider the increased vulnerabilities that may arise from compliance legislation intended to make PHI more accessible to doctors. For example, the Office of the National Coordinator for Health IT’s (ONC) Information Blocking Final Rule enforced a penalty for health IT developers up to $1 million per instance if they engage in information blocking.
These issues have become so problematic since the beginning of the pandemic that the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has settled as many as 18 compliance violations in the HIPAA Right of Access Initiative. Resolution agreements and civil money penalties can be costly – sometimes resulting in fines as high as $6.85 million.
Balancing the volume and complexities of compliance legislation, data protection, critical supply chains, and third-party risks is truly beyond human capabilities especially with continued labor shortages. That’s why many leaders are looking to risk solutions that leverage the latest technology to provide continuous monitoring across their supply chains as the complexity continues to rise.
A new approach to risk: continuous, real-time and proactive
If there’s anything today’s complex and rapidly evolving risk landscape has taught us, it’s that old risk management processes are not cutting it. The data in point-in-time assessments many organizations rely on to assess the health of their supply chains and third parties is quickly stale.
Month’s old risk intelligence may not be relevant today and most critically, can’t flag what’s coming next. Proactive risk mitigation requires early warning from real-time risk intelligence. This holds true for sudden supply shortages, unexpected labour issues, increased data vulnerabilities and more.
Not only do outdated risk management processes increase risks of disruption for failure to provide the current picture, but also fail to provide a comprehensive view across the entire risk landscape. The vast majority only cover financial and cyber risks when in fact financial and cyber issues are often not leading indicators of trouble.
The earliest indicators of a major cyberattack most often occur outside the cyber realm and can first present as compliance issues, location vulnerabilities or people risks. Without widening the risk aperture for leading indicators, organisations are essentially in the dark and are forced to be reactive - acting too late to avoid disruption.
To secure supply chains, improve resiliency and prevent disruptions, leading healthcare organizations are upgrading their risk management approaches by deploying automation, data science and AI solutions that enable continuous monitoring. Monitoring risks 24/7 and receiving alerts in real-time enables the early warnings organisations need to take proactive steps before disruptions occurs.
With updated technology, organizations can expand the risk aperture being monitored as well. Beyond the standard financial and cyber risks, organisations can include operations, people, regulatory, compliance, ESG, location risks and more. This enables organizations to prevent a seemingly minor incident from cascading into a catastrophic disruption.
Looking forward: what’s to come
As adoption of continuous risk monitoring increases across the healthcare industry, there will be some great improvements in risk mitigation and disruption avoidance. With increased visibility into the current risk landscape, proactive risk mitigation to avoid costly disruptions is finally possible. Secure supply chains ensures operational resilience, and as a result, customer loyalty, brand reputation, patient care and the bottom line will be positively impacted.
While the pandemic continues to cause undeniable hardship around the world, by accelerating the adoption of comprehensive continuous monitoring, healthcare providers can positively impact the organization’s resilience, today.