Healthcare information technology security leaders from across the country have shared insights with Becker’s regarding the most important steps for hospitals and health systems to take in preventing increased cybersecurity risks when working with third-party vendors.
The five recurring themes from the experts’ responses are to prioritize due diligence, specify contractual agreements, establish vendor risk management programs, conduct continuous monitoring and minimize access levels.
Here is a selection of quotes from 18 leaders:
Editor’s note: Responses have been lightly edited.
Due diligence
1. Don Kelly. Manager of the Virtual Information Security Program and Chief Information Security Officer of Fortified Health Security (Franklin, Tenn.): Do your due diligence. By that I mean you truly need to do more than ask them to complete a questionnaire and trust the answers. Have defined expectations, then ask the vendor to provide evidence they are meeting those standards. Review the evidence, identify gaps, and work with them to close the gaps.
2. Paul Connelly. Former Chief Security Officer of HCA Healthcare (Nashville, Tenn.): Conduct thorough due diligence before onboarding…