The Health Sector Coordinating Council, through its Cybersecurity Working Group, published a guide to help healthcare organizations manage cybersecurity risks in AI-driven supply chains. It focuses on gaps in vendor visibility and disclosure, where incomplete inventories and unreported AI-specific risks, such as data leakage and adversarial threats, complicate oversight. The guide promotes proactive due diligence, continuous risk profiling, and stronger contractual transparency, equipping organizations to identify hidden dependencies, manage third-party risks, and align AI (artificial intelligence) technologies with safety, privacy, and resilience priorities.
Titled ‘Health Industry Third-Party AI Risk and Supply Chain Transparency Guide,’ the HSCC document addresses the growing gaps in discovery and disclosure processes that make AI supply chain risk so difficult to manage. Many healthcare organizations operate with incomplete or outdated vendor inventories, while AI-specific cybersecurity risks, such as synthetic data misuse, training data leakage, and adversarial inference, go unreported by vendors. To counter this, the guide promotes proactive due diligence,…
