Piles of Lynchpins: Healthcare Third Party Cyber Risk & Patient Harms

In cybersecurity we are often asked to find and fix the gaps in our organizations defenses- uncovering and then fortifying the digital linchpins of our systems. What do you do when you find there isn't one linchpin but a pile, and the resilient machine you thought you had built is more like a shaking house of cards? The scourge of third-party dependencies in healthcare systems have continued to provide us with a steady stream of “lessons learned,” but is anyone showing up to class anymore?

This session will look at the speaker’s cross-sectional study that examined the impact of the faulty CrowdStrike software update on July 19, 2024 on patients and internet-connected services across US hospitals. This session will look at key business continuity and resilience takeaways from the Crowdstrike faulty software event and how these lessons can be applied toward not just health care, but other industry sectors as well.

Objectives:
1) Identify supply chain and third-party risks inherent in complex industries such as healthcare.
2) Identify impacts supply chain vulnerabilities can have on the timely delivery of life saving medical care.

This presentation is facilitated by Christian Dameff. Christian is an Associate Professor of Emergency Medicine, Biomedical Informatics, and Computer Science at the University of California San Diego. He co-directs the UCSD Center for Healthcare Cybersecurity. He is also a hacker, a former open capture the flag champion, and DEF CON/RSA/Black Hat/BSIDES Speaker.

This event is organized by the Digital Research Alliance of Canada. Click here to register.