Teaching a Vendor to Phish: How to Help Your Vendors Remediate Cyber Risks

Identifying the cybersecurity gaps in your vendor ecosystem is only one part of solving for risk. Risk management and reduction can only be achieved when third-party risk management programs make concrete investments to support their vendors in making timely and cost-effective improvements in their cybersecurity program. Here at CORL, we are committed to more than risk measurement. We foster excellence and accountability on both sides of the vendor contract by actively championing and managing proactive remediation and risk maintenance. Read More

Keep Up with CORL: Vendor Breach Digest, 5/9/22

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Okta & Microsoft, SummaCare, Healthplex, Inc, GitHub, Arcare, American Dental Association, T-Mobile, Mental Health Center of Greater Manchester, Mountain Area Health Education Center, The State Bar of Georgia, McCarter & English, Kaiser Foundation, Health Plan, Touchstone Imaging, DialAmerica Marketing, Block, Parker Hannifin Corporation, MailChimp, HubSpot, Cytometry Specialists, Palo Alto Networks, Globant, and Gainwell Technologies. Read More

Mitigating Fourth-Party Cyber Risks in Healthcare

This blog post provides insights into the growing risks associated with fourth-party vendors and applications that many healthcare organizations have not yet addressed. The objective of this publication is to level set definitions for fourth-party risk, outline current risk mitigation models and challenges, and propose innovative approaches for mitigating supply chain risks that extend to fourth parties. Read More

Keep Up with CORL: Vendor Breach Digest, 3/15/22

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Morley Companies, South Denver Cardiology Associates, Securitas, Priority Health, Medical Healthcare Solutions, PracticeMax, Charlotte Radiology, RR Donnelley, US Radiology Specialists, Pekin Insurance, The International Committee of the Red Cross, DataHEALTH, American Osteopathic Association, Vantage Holding Company, Crossroads Health, UMass Memorial Health, LGAA... Read More

Russia/Ukraine Cyberwar: Healthcare Vendor Risks & Response

Healthcare organizations are scrambling to adjust their cybersecurity preparation and response capabilities in the wake of potential cyberattacks stemming from the ongoing conflict between Russia and Ukraine. This blog post provides threat intelligence on the escalating cyberwar activities stemming from this conflict as well as recommendations for healthcare vendor risk management programs to prepare and respond to these emerging threats. Read More

Obtaining Buy-In for Your Third-Party Risk Management Program

Third-party risk management breaches have been snowballing in recent months with no clear end in sight. However, too many healthcare organizations have maintained a status quo approach to their Third-Party Risk Management (TPRM) and Vendor Risk Management (VRM) programs. This blog provides recommendations for delivering messaging to key stakeholder groups within healthcare entities to make the business case for further investments in third-party risk programs. Read More

Healthcare Vendor Risk Management (VRM) FAQs

Are you able to answer these questions about your vendor risk management (VRM) process? What are the most common security frameworks and standards used for healthcare VRM assessments? Does HIPAA mandate that vendors and business associates need to perform security risk assessments? Which risk management tools are most commonly deployed to support healthcare VRM programs? How do healthcare organizations drive and track remediation for vendor security risks? What are the leading practices for high-performing VRM programs? Check out our vendor risk management FAQ to answer these and other related questions. Read More

CORL Releases New NIST 800-53 Rev 5 Vendor Questionnaire

CORL is continually innovating and updating our capabilities to provide the healthcare industry’s leading Vendor Risk Management solution set. We are pleased to announce that the ​CORL Vendor Portal now includes a new NIST SP 800-53 Rev 5 Vendor Security Questionnaire. The new vendor questionnaire is 351 questions and includes the following features: Read More