BLOG

If cybersecurity challenges are mounting for health systems in today’s increasingly risky global environment, why would it be any different for their third-party vendors - especially the smaller ones? What’s clear is that even the largest of health systems can only be as safe as their partners. In this episode of healthsystemCIO’s Partner Perspective Series, Anthony Guerra, editor-in-chief and founder, talks with Brian Selfridge, a partner at CORL Technologies and Meditology Services, about the issue. Read More

At CORL, we manage Vendor Risk Management (VRM) programs for hundreds of healthcare organizations. We have learned over the years that the industry standard models for vendor risk assessments cannot scale to meet the challenges we now face to effectively mitigate the risks that vendors pose for the industry. There are a slew of new VRM technologies hitting the market that can help to accelerate communication and reporting around vendor risk management. Read More

Cyberattacks on the supply chain have been growing exponentially in the last several years. These attacks had introduced substantial social and political implications, as we saw with the recent attack against the Colonial Pipeline that disrupted the supply of oil and gas for the southeastern US region. Healthcare has been hit the hardest of all industry segments at a time when we need to be firing on all cylinders to address and recover from a global pandemic. Read More

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Fielding hundreds of security questions from dozens of customer risk assessments can take weeks and sometimes months to address. Getting the right information from the business, the security team, and certain IT specialists and translating that into the customer's specific requests can grind the sales cycle to a halt. Read More

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More

Far too many third-party risk management programs rely upon assessment models that start from scratch with assessing products and vendors as they get processed through standard procurement cycles. The mean time to complete a vendor assessment from scratch takes over 27 days, which includes vendor response cycles, clarifications, and validation of information provided. Read More