BLOG

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Okta & Microsoft, SummaCare, Healthplex, Inc, GitHub, Arcare, American Dental Association, T-Mobile, Mental Health Center of Greater Manchester, Mountain Area Health Education Center, The State Bar of Georgia, McCarter & English, Kaiser Foundation, Health Plan, Touchstone Imaging, DialAmerica Marketing, Block, Parker Hannifin Corporation, MailChimp, HubSpot, Cytometry Specialists, Palo Alto Networks, Globant, and Gainwell Technologies. Read More

CORL and HITRUST specialize in delivering cybersecurity assurance products and services for the healthcare industry including Third-Party Risk Management (TPRM) programs. Our companies have been listening attentively to our clients and colleagues and one message has come across loud and clear: TPRM is broken and we need to collaborate as an industry to fix it. This blog provides a summary of the feedback and perspectives from cybersecurity and risk leaders charged with managing healthcare TPRM programs. Read More

Cloud Security Alliance (CSA) recently released new guidance on managing third-party cyber security risk in healthcare that offers some practical and useful tips for defenders to consider. The report comes on the heels of a new industry report from IBM that cites healthcare as the highest sector for breach costs. The IBM report also notes that 45% of breaches were cloud-based and almost one fifth of breaches occurred because of a compromise at a third-party business partner. Read More

A bombshell news report was issued by The Markup on June 16 in their publication, Facebook Is Receiving Sensitive Medical Information from Hospital Websites. Specifically, the report claims that healthcare organizations across the country have installed Meta Facebook’s Meta Pixel tracking tool on patient portals and other patient-facing websites. The Meta Pixel platform reportedly sends Facebook Protected Health Information (PHI) including patient names, IP addresses, names of doctors, appointment information, prescription details, and more for many of the nation’s hospitals. Read More

Identifying the cybersecurity gaps in your vendor ecosystem is only one part of solving for risk. Risk management and reduction can only be achieved when third-party risk management programs make concrete investments to support their vendors in making timely and cost-effective improvements in their cybersecurity program. Here at CORL, we are committed to more than risk measurement. We foster excellence and accountability on both sides of the vendor contract by actively championing and managing proactive remediation and risk maintenance. Read More

Identifying the cybersecurity gaps in your vendor ecosystem is only one part of solving for risk. Risk management and reduction can only be achieved when third-party risk management programs make concrete investments to support their vendors in making timely and cost-effective improvements in their cybersecurity program. Here at CORL, we are committed to more than risk measurement. We foster excellence and accountability on both sides of the vendor contract by actively championing and managing proactive remediation and risk maintenance. Read More

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Okta & Microsoft, SummaCare, Healthplex, Inc, GitHub, Arcare, American Dental Association, T-Mobile, Mental Health Center of Greater Manchester, Mountain Area Health Education Center, The State Bar of Georgia, McCarter & English, Kaiser Foundation, Health Plan, Touchstone Imaging, DialAmerica Marketing, Block, Parker Hannifin Corporation, MailChimp, HubSpot, Cytometry Specialists, Palo Alto Networks, Globant, and Gainwell Technologies. Read More

This blog post provides insights into the growing risks associated with fourth-party vendors and applications that many healthcare organizations have not yet addressed. The objective of this publication is to level set definitions for fourth-party risk, outline current risk mitigation models and challenges, and propose innovative approaches for mitigating supply chain risks that extend to fourth parties. Read More