Blog

Keep Up with CORL: Vendor Breach Digest, 9/28/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Apple & FitBit, MapMyFitness, Microsoft, Sony, & Google, Walgreens, TTEC, Fortinet, Vista Radiology, Thomas Eye Group, CoxHealth, Jackson Health System, Facebook, Ottawa Hospital Research Institute, and Resource Anesthesiology Associates (RAA). Read More

Published On September 28, 2021

Keep Up with CORL: Vendor Breach Digest, 9/13/21

CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Microsoft Power Apps, Fujitsu, Nova Biomedical, State of Maryland Board of Podiatry, Sandhills Center, State of Indiana, Nashua Regional Cancer Center, DuPage Medical Group, Metro Infectious Disease Consultants, North Country Healthcare, JPMorgan Chase, and T-Mobile Read More

Published On September 13, 2021

Who is Accountable for Supply Chain Risk? Fallout from the Kaseya Breach

Another gargantuan cyber-attack on the global supply chain took place over the holiday weekend which saw over 1,500 businesses infected with ransomware. The attackers exploited a vulnerability in the third-party software for Kaseya, which provides back-office IT solutions and managed services for small and mid-sized businesses. The breach comes on the heels of other massive supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors. Read More

Published On July 7, 2021

Healthcare Takes It on the Chin with Supply Chain Breaches

Cyberattacks on the supply chain have been growing exponentially in the last several years. These attacks had introduced substantial social and political implications, as we saw with the recent attack against the Colonial Pipeline that disrupted the supply of oil and gas for the southeastern US region. Healthcare has been hit the hardest of all industry segments at a time when we need to be firing on all cylinders to address and recover from a global pandemic. Read More

Published On June 21, 2021

Healthcare CISOs Sound Off on Vendor Risk Management

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More

Published On June 8, 2021

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Published On May 20, 2021

Reeling in Deals: How to Make Security Assessment Responses a Sales Advantage

Fielding hundreds of security questions from dozens of customer risk assessments can take weeks and sometimes months to address. Getting the right information from the business, the security team, and certain IT specialists and translating that into the customer's specific requests can grind the sales cycle to a halt. Read More

Published On May 7, 2021

Everyone Wins | The Case for Collaboration with Vendors

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More

Published On April 16, 2021

Keep Up with CORL: Vendor Breach Digest, 9/28/21

Keep Up with CORL: Vendor Breach Digest, 9/13/21

Who is Accountable for Supply Chain Risk? Fallout from the Kaseya Breach

Healthcare Takes It on the Chin with Supply Chain Breaches

Healthcare CISOs Sound Off on Vendor Risk Management

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Reeling in Deals: How to Make Security Assessment Responses a Sales Advantage

Everyone Wins | The Case for Collaboration with Vendors

Featured Blog Posts

2023 State of Healthcare Third-Party Cyber Risk Management

Webinar Recap: A Clear Path to Solving for Risk: A Bold New Standard for TPRM

What do the barrier reef and vendor risk have in common? Here’s what healthcare TPRM can learn from this year’s coral cover numbers.

CISA Cyber Performance Goals: Third-Party & Supply Chain Requirements