With the surge in major cyber incidents involving third-party suppliers, it’s absolutely critical for healthcare sector entities to raise their security expectations and tighten their requirements for vendors handling sensitive data, said Renee Broadbent, CIO of Southern New England Healthcare, more commonly known as SoNE Health.
“You have to be super selective about the vendors you do business with – and exact high-level security standards out of them,” she said in an interview with Information Security Media Group conducted at the recent HIMSS cyber forum in Boston.
“If we’re going to engage with a vendor that is going to provide any services that touch our organization, particularly protected health information, we have a whole litany of things they have to do,” she said.
That includes being HITRUST-certified, signing nondisclosure agreements and business associate agreements, and being subject to random audits, she said.
“They actually have to supply and do all of those things before we sign on the dotted line. If they’re not willing to do that, then I’m not willing to do business with…
