CISOs target third-party risk | Health Data Management


Several healthcare chief information security officers have established a council to develop best practices for managing third-party risks.

The CISOs want to limit the security risks that vendors can inflict on hospitals and other provider venues, starting with the supply chain.

Many provider organizations do not have the expertise and resources to conduct proper vetting and monitoring of third parties working within the facility, so the early work will focus on building common vetting and oversight practices that can be applied nationwide and internationally.

“The primary challenge is organizations can engage vendors of various sizes, maturity and complexity without really knowing whether the vendor should be engaged in the first place based on their beliefs and investments in cybersecurity,” said Taylor Lehmann, CISO at Wellforce, the parent company of Tufts Medical Center and Floating Hospital for Children.


In addition to Tufts, founding healthcare systems include Allegheny Health Network, Cleveland Clinic, University of Rochester Medical Center, UPMC, and Vanderbilt University Medical…
