What do the barrier reef and vendor risk have in common? Here’s what healthcare TPRM can learn from this year’s coral cover numbers.

Healthcare digital investment is at an all-time high, due in part to the rise of virtual care models, more sophisticated medical devices, the pressure for operational and cost efficiency, and more. With this rise in digital technology naturally comes a corresponding rise in the number of vendor relationships for a given healthcare organization—and with more vendors comes more risk.

But mitigating and even solving for risk despite these circumstances doesn’t have to be a non-starter. To navigate these waters with increased visibility and insight into vendor risk, the TPRM ecosystem could learn a thing or two from the Great Barrier Reef. Asking yourself what risk management has to do with coral?

Read on. The relationship between the two runs so deep that we made a business out of it.

Lesson 1: Rising risk shouldn’t make progress impossible

Like the global impact of climate change, it’s no secret that a global increase in digital adoption has driven risk to new heights. Nowhere is this truer than in the healthcare ecosystem. 2021 set a record high for breaches, with many of these tied to vendors, particularly those with network access or handling sensitive patient data. And the pressure on today’s healthcare cybersecurity professionals has never been higher. With the average hospital working with more than 1,300 vendors, you can see why legacy third-party risk management is no longer making the cut. But healthcare cybersecurity professionals can derive a great deal of hope from the Great Barrier Reef’s ability to bounce back in the face of adversity.

A monitoring group recently reported that two-thirds of the Great Barrier Reef in Australia recorded the highest amount of coral cover in nearly four decades, though the reef is still vulnerable to climate change and mass bleaching. This observation is a noted departure from the conversation around coral reef coverage in recent years, which has mostly focused on the debilitating and stifling effect climate change has had on its ability to grow and thrive. Despite the constant risk and threat to its health and safety, the Great Barrier Reef has found a way to thrive and even improve its coverage.

Digital tools and technologies have the power to transform healthcare as we know it, and to improve the lives of providers and patients. But just as with the Great Barrier Reef’s coral coverage, they face adversaries in the form of bad actors and technical vulnerabilities. An optimistic parallel for today’s healthcare ecosystem, the heightened coral cover this year shows us that progress is not impossible—we just need to seek out novel approaches and stay focused on solving the problem.

Lesson 2: Without remediation, risk can still be deadly

While the unprecedented growth in the north and central regions of the Great Barrier Reef shows significant potential, the loss of coral in the southern region demonstrates that there is still vulnerability to acute and severe disturbances that are occurring more often and are longer-lasting. In fact, while coral cover has seen significant gains elsewhere along the Great Barrier Reef, regionwide hard coral cover on reefs in the southern area fell to 34% this year, compared with 38% in the year prior.

Monitoring and sharing these numbers is vital to educating and empowering the people who can make a difference. But simply measuring the coral cover does nothing to improve it. In order to make a real difference, action must be taken decisively and swiftly. In fact, experts say that if nothing is done, the Great Barrier Reef could stare down extinction as soon as 2050.

What this can teach those in the healthcare TPRM landscape is that TPRM needs to be about more than observation and analytics if it ever truly hopes to evolve past the problem. This is a stark contrast to most solutions on the market, which stop short of remediation. Of course, risk assessments are still important to gauging third-party risk. But assessments alone cannot measurably reduce risk over time. Ultimately, proactive and progressive remediation is the only path to sustainable vendor risk reduction.

Lesson 3: Ecosystems are important, and their balance is delicate

Like the delicate environment in our reefs, in which even subtle changes can leave multiple important species on the verge of extinction, the healthcare vendor landscape’s delicate risk environment has the potential to bring about destruction in the face of a breach event. In healthcare, these costs can be monetary, operational, and immeasurable—in the form of human life.

If the recent breach landscape has taught us one thing, it is that even the smallest gap or vulnerability can lead to a breach with unprecedented reach. Look no further than Community Health Network’s recent data breach, which impacted a massive 1.5 million individuals. The defining characteristic of this breach is not its reach, however; it is its cause. The breach stemmed from an incorrectly configured tracking pixel with third-party tracking technologies. 

The delicate nature of information security and risk shouldn’t scare us; it should compel us to make decisive change in an industry that so desperately needs it. In healthcare, our relationships with our third parties matter—and the way in which we manage them does, too.

Reversing the course of third-party risk in an accelerated way

Just like with the Great Barrier Reef, progress is not a straight line. At CORL, we are committed to solving the TPRM problem for healthcare by listening to the people that are living it. Our service-centered solution for TPRM is designed to overcome the shortcomings of existing approaches—like scalability, prioritization, remediation, vendor experience, efficiency, and data validation, to name a few. It is an exciting and defining time to work in vendor risk management in healthcare. The prescriptive approaches we continue to shape and perfect in partnership with our clients are key to enabling the vendor ecosystem in healthcare to remain vibrant long into the future.  
