23 February 2024
Another day, another outage caused by…. well maybe not all of it is from a cyberattack. If you follow some of the news out there, you can’t help but have heard of the AT&T cellular outage this week. Reports range from 1% to mass outages affecting millions of subscribers. AT&T says it was not a cyberattack. But Change Healthcare, a subsidiary of United Healthcare Group reports their outage was the result of a cyberattack. Change Healthcare “…claims it handles around one in three U.S. patient records, amounting to around 100 million Americans.” The immediate impact is that pharmacies across the nation are unable to fill some prescriptions because they cannot bill for them.
The risks associated with utilizing these two suppliers are not uncommon. Business is complex and made up of complex relationships between suppliers and providers of service. Very few companies of any size will create and sell their products from end to end. They almost always have suppliers in the chain. In this case, many companies relied on these companies for their services to conduct their own. They had to know it was something of a risk to rely on them even if they have not failed in the past.
What do you do with that information? As a risk advisor, we often get asked what are the risks and then what to do about it. In this case, it’s difficult to see what companies had planned for these outages, but both impacted many businesses and likely cost millions of dollars if not more.
In your risk program, do you stop at identifying the risk? Or do you have processes in place to address the risks identified? Does it affect your solutions or does your company subscribe to the “that would never happen, it never has before” mentality?
It’s worth knowing your risks and risk tolerance in your business. At least then you can have a plan when these types of events occur.