BLOG

Urgent Vendor Risk Alert: Log4j Java/Apache Logging Vulnerability

A far-spanning zero-day vulnerability was exposed over the weekend for the ubiquitous open-sourced logging utility called Log4j. CORL is actively working with our customers and vendor population to understand the extent of deployment of Log4j in the vendor community and the impact and risk exposure it may create for our customers. This blog provides a short summary of the Log4j vulnerability, as well as recommendations for remediation and risk mitigation for organizations and their third-party vendors. Read More

Published On December 13, 2021

Keep Up with CORL: Vendor Breach Digest, 12/9/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: DNA Diagnostic Center, Ace Surgical Supply, Maxim Healthcare Services, Panasonic, Planned Parenthood, Boulder Neurosurgical and Spine Associates, Medsurant, Region IV Area Agency on Aging, Bureau Veritas, Mowery Clinic, Saltzer Medical Group, Blue Shield of California, Maryland Department of Health, Supernus Pharmaceuticals, Episcopal Retirement Services, Continental American Insurance, Anthem, Nationwide Laboratory Services, and Anthem Blue Cross of California. Read More

Published On December 9, 2021

Healthcare Vendor Risk Management (VRM) FAQs

Are you able to answer these questions about your vendor risk management (VRM) process? What are the most common security frameworks and standards used for healthcare VRM assessments? Does HIPAA mandate that vendors and business associates need to perform security risk assessments? Which risk management tools are most commonly deployed to support healthcare VRM programs? How do healthcare organizations drive and track remediation for vendor security risks? What are the leading practices for high-performing VRM programs? Check out our vendor risk management FAQ to answer these and other related questions. Read More

Published On November 30, 2021

CORL Releases New NIST 800-53 Rev 5 Vendor Questionnaire

CORL is continually innovating and updating our capabilities to provide the healthcare industry’s leading Vendor Risk Management solution set. We are pleased to announce that the ​CORL Vendor Portal now includes a new NIST SP 800-53 Rev 5 Vendor Security Questionnaire. The new vendor questionnaire is 351 questions and includes the following features: Read More

Published On November 23, 2021

healthsystemCIO.com Partner Perspective: Health Systems Need New Approach to Managing Threat Posed by Third-Party Vendors

If cybersecurity challenges are mounting for health systems in today’s increasingly risky global environment, why would it be any different for their third-party vendors - especially the smaller ones? What’s clear is that even the largest of health systems can only be as safe as their partners. In this episode of healthsystemCIO’s Partner Perspective Series, Anthony Guerra, editor-in-chief and founder, talks with Brian Selfridge, a partner at CORL Technologies and Meditology Services, about the issue. Read More

Published On November 8, 2021

Keep Up with CORL: Vendor Breach Digest, 11/3/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Limeade, Wiggin and Dana LLP, PracticeMax, VillageHealth, Anthem, Accenture, Microsoft, Independent Health Corporation, EMI Health, Orange County Health Care Agency, American Osteopathic Association, GitHub, Acer, and Olympus. Read More

Published On November 3, 2021

Finishing the Job: The Importance of Validation & Remediation in VRM

At CORL, we manage Vendor Risk Management (VRM) programs for hundreds of healthcare organizations. We have learned over the years that the industry standard models for vendor risk assessments cannot scale to meet the challenges we now face to effectively mitigate the risks that vendors pose for the industry. There are a slew of new VRM technologies hitting the market that can help to accelerate communication and reporting around vendor risk management. Read More

Published On October 25, 2021

Keep Up with CORL: Vendor Breach Digest, 10/13/21

Breaches covered in this release: Epilepsy Foundation of Texas, CVS Pharmacy, Aetna, Humana, Quickbooks, Zenith American Solution, Digital Insurance / OneDigital, OSF Healthcare, Facebook, Springhill Medical Center, Georgia Department of Human Resources, State of Alaska Department of Health & Social Service, Navistar, Griffith Energy Services, Advocate Lutheran General Hospital, Coos County Family Services, COA of Southwestern Ohio, and Cox Media. Read More

Published On October 13, 2021

Featured Blog Posts

2023 State of Healthcare Third-Party Cyber Risk Management

Read

Webinar Recap: A Clear Path to Solving for Risk: A Bold New Standard for TPRM

Read

What do the barrier reef and vendor risk have in common? Here’s what healthcare TPRM can learn from this year’s coral cover numbers.

Read

CISA Cyber Performance Goals: Third-Party & Supply Chain Requirements

Read