Blog

Healthcare CISOs Sound Off on Vendor Risk Management

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More

Published On June 8, 2021

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Published On May 20, 2021

Reeling in Deals: How to Make Security Assessment Responses a Sales Advantage

Fielding hundreds of security questions from dozens of customer risk assessments can take weeks and sometimes months to address. Getting the right information from the business, the security team, and certain IT specialists and translating that into the customer's specific requests can grind the sales cycle to a halt. Read More

Published On May 7, 2021

Everyone Wins | The Case for Collaboration with Vendors

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More

Published On April 16, 2021

Legal Accountability Mounts for Supply Chain Breaches

Class action lawsuits have been piling up in recent years as the scope and scale of cybersecurity breaches continues unchecked in healthcare and other industries. One of the latest lawsuits targeting Rady Children’s Hospital in San Diego goes a step further to hold organizations accountable for breaches suffered by their third-party vendors. Read More

Published On February 4, 2021

The Power of Existing Data for Vendor Risk Assessments

Far too many third-party risk management programs rely upon assessment models that start from scratch with assessing products and vendors as they get processed through standard procurement cycles. The mean time to complete a vendor assessment from scratch takes over 27 days, which includes vendor response cycles, clarifications, and validation of information provided. Read More

Published On January 21, 2021

SolarWinds Cyberattack Exposes Supply Chain Risks

A groundbreaking cyberattack against the Texas-based IT network solutions provider SolarWinds has resulted in unauthorized access to a wide range of government and private sector organizations. The extent, scale, and impact of the attack are still being assessed; however, initial indications are that the attack will have lasting security impacts for months and possible years to come. Read More

Published On December 21, 2020

Selecting the Right Technology for Your Third-Party Risk Management Program

Effective third-party risk management (TPRM) begins with maintaining an updated vendor inventory and conducting assessments for a prioritized subset of vendors who pose the greatest risk to your organization. Technology and automation play a critical role in your program’s ability to deliver assessments and high-quality risk intelligence to the business in a timely fashion. Applying the right technology in the right places in your vendor risk workflow can also save valuable time and money that would otherwise be spent on costly manual processes and systems. Read More

Published On November 24, 2020

Healthcare CISOs Sound Off on Vendor Risk Management

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Reeling in Deals: How to Make Security Assessment Responses a Sales Advantage

Everyone Wins | The Case for Collaboration with Vendors

Legal Accountability Mounts for Supply Chain Breaches

The Power of Existing Data for Vendor Risk Assessments

SolarWinds Cyberattack Exposes Supply Chain Risks

Selecting the Right Technology for Your Third-Party Risk Management Program

Featured Blog Posts

Change Healthcare Cyber Attack: Implications for Third-Party Incident Response in Healthcare Cybersecurity

Do You Understand Your Vendors' SOC 2 Reports?

The Unintended Risks of Third-Party Cybersecurity Questionnaires

HIPAA Security Overhaul and Incentives for Cyber Performance Goals? The HHS Introductory Strategy for Healthcare Sector Cybersecurity is a Game Changer