Keep Up with CORL: Vendor Breach Digest, 9/28/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Apple & FitBit, MapMyFitness, Microsoft, Sony, & Google, Walgreens, TTEC, Fortinet, Vista Radiology, Thomas Eye Group, CoxHealth, Jackson Health System, Facebook, Ottawa Hospital Research Institute, and Resource Anesthesiology Associates (RAA). Read More

Keep Up with CORL: Vendor Breach Digest, 9/13/21

CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Microsoft Power Apps, Fujitsu, Nova Biomedical, State of Maryland Board of Podiatry, Sandhills Center, State of Indiana, Nashua Regional Cancer Center, DuPage Medical Group, Metro Infectious Disease Consultants, North Country Healthcare, JPMorgan Chase, and T-Mobile Read More

Who is Accountable for Supply Chain Risk? Fallout from the Kaseya Breach

Another gargantuan cyber-attack on the global supply chain took place over the holiday weekend which saw over 1,500 businesses infected with ransomware. The attackers exploited a vulnerability in the third-party software for Kaseya, which provides back-office IT solutions and managed services for small and mid-sized businesses. The breach comes on the heels of other massive supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors. Read More

Healthcare Takes It on the Chin with Supply Chain Breaches

Cyberattacks on the supply chain have been growing exponentially in the last several years. These attacks had introduced substantial social and political implications, as we saw with the recent attack against the Colonial Pipeline that disrupted the supply of oil and gas for the southeastern US region. Healthcare has been hit the hardest of all industry segments at a time when we need to be firing on all cylinders to address and recover from a global pandemic. Read More

Healthcare CISOs Sound Off on Vendor Risk Management

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Everyone Wins | The Case for Collaboration with Vendors

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More