BLOG

CORL Releases New NIST 800-53 Rev 5 Vendor Questionnaire

CORL is continually innovating and updating our capabilities to provide the healthcare industry’s leading Vendor Risk Management solution set. We are pleased to announce that the ​CORL Vendor Portal now includes a new NIST SP 800-53 Rev 5 Vendor Security Questionnaire. The new vendor questionnaire is 351 questions and includes the following features: Read More

healthsystemCIO.com Partner Perspective: Health Systems Need New Approach to Managing Threat Posed by Third-Party Vendors

If cybersecurity challenges are mounting for health systems in today’s increasingly risky global environment, why would it be any different for their third-party vendors - especially the smaller ones? What’s clear is that even the largest of health systems can only be as safe as their partners. In this episode of healthsystemCIO’s Partner Perspective Series, Anthony Guerra, editor-in-chief and founder, talks with Brian Selfridge, a partner at CORL Technologies and Meditology Services, about the issue. Read More

Keep Up with CORL: Vendor Breach Digest, 11/3/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Limeade, Wiggin and Dana LLP, PracticeMax, VillageHealth, Anthem, Accenture, Microsoft, Independent Health Corporation, EMI Health, Orange County Health Care Agency, American Osteopathic Association, GitHub, Acer, and Olympus. Read More

Finishing the Job: The Importance of Validation & Remediation in VRM

At CORL, we manage Vendor Risk Management (VRM) programs for hundreds of healthcare organizations. We have learned over the years that the industry standard models for vendor risk assessments cannot scale to meet the challenges we now face to effectively mitigate the risks that vendors pose for the industry. There are a slew of new VRM technologies hitting the market that can help to accelerate communication and reporting around vendor risk management. Read More

Keep Up with CORL: Vendor Breach Digest, 10/13/21

Breaches covered in this release: Epilepsy Foundation of Texas, CVS Pharmacy, Aetna, Humana, Quickbooks, Zenith American Solution, Digital Insurance / OneDigital, OSF Healthcare, Facebook, Springhill Medical Center, Georgia Department of Human Resources, State of Alaska Department of Health & Social Service, Navistar, Griffith Energy Services, Advocate Lutheran General Hospital, Coos County Family Services, COA of Southwestern Ohio, and Cox Media. Read More

Keep Up with CORL: Vendor Breach Digest, 9/28/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Apple & FitBit, MapMyFitness, Microsoft, Sony, & Google, Walgreens, TTEC, Fortinet, Vista Radiology, Thomas Eye Group, CoxHealth, Jackson Health System, Facebook, Ottawa Hospital Research Institute, and Resource Anesthesiology Associates (RAA). Read More

Keep Up with CORL: Vendor Breach Digest, 9/13/21

CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Microsoft Power Apps, Fujitsu, Nova Biomedical, State of Maryland Board of Podiatry, Sandhills Center, State of Indiana, Nashua Regional Cancer Center, DuPage Medical Group, Metro Infectious Disease Consultants, North Country Healthcare, JPMorgan Chase, and T-Mobile Read More

Who is Accountable for Supply Chain Risk? Fallout from the Kaseya Breach

Another gargantuan cyber-attack on the global supply chain took place over the holiday weekend which saw over 1,500 businesses infected with ransomware. The attackers exploited a vulnerability in the third-party software for Kaseya, which provides back-office IT solutions and managed services for small and mid-sized businesses. The breach comes on the heels of other massive supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors. Read More