Russia/Ukraine Cyberwar: Healthcare Vendor Risks & Response

Healthcare organizations are scrambling to adjust their cybersecurity preparation and response capabilities in the wake of potential cyberattacks stemming from the ongoing conflict between Russia and Ukraine. This blog post provides threat intelligence on the escalating cyberwar activities stemming from this conflict as well as recommendations for healthcare vendor risk management programs to prepare and respond to these emerging threats. Read More

Obtaining Buy-In for Your Third-Party Risk Management Program

Third-party risk management breaches have been snowballing in recent months with no clear end in sight. However, too many healthcare organizations have maintained a status quo approach to their Third-Party Risk Management (TPRM) and Vendor Risk Management (VRM) programs. This blog provides recommendations for delivering messaging to key stakeholder groups within healthcare entities to make the business case for further investments in third-party risk programs. Read More

Healthcare Vendor Risk Management (VRM) FAQs

Are you able to answer these questions about your vendor risk management (VRM) process? What are the most common security frameworks and standards used for healthcare VRM assessments? Does HIPAA mandate that vendors and business associates need to perform security risk assessments? Which risk management tools are most commonly deployed to support healthcare VRM programs? How do healthcare organizations drive and track remediation for vendor security risks? What are the leading practices for high-performing VRM programs? Check out our vendor risk management FAQ to answer these and other related questions. Read More

CORL Releases New NIST 800-53 Rev 5 Vendor Questionnaire

CORL is continually innovating and updating our capabilities to provide the healthcare industry’s leading Vendor Risk Management solution set. We are pleased to announce that the ​CORL Vendor Portal now includes a new NIST SP 800-53 Rev 5 Vendor Security Questionnaire. The new vendor questionnaire is 351 questions and includes the following features: Read More Partner Perspective: Health Systems Need New Approach to Managing Threat Posed by Third-Party Vendors

If cybersecurity challenges are mounting for health systems in today’s increasingly risky global environment, why would it be any different for their third-party vendors - especially the smaller ones? What’s clear is that even the largest of health systems can only be as safe as their partners. In this episode of healthsystemCIO’s Partner Perspective Series, Anthony Guerra, editor-in-chief and founder, talks with Brian Selfridge, a partner at CORL Technologies and Meditology Services, about the issue. Read More

Finishing the Job: The Importance of Validation & Remediation in VRM

At CORL, we manage Vendor Risk Management (VRM) programs for hundreds of healthcare organizations. We have learned over the years that the industry standard models for vendor risk assessments cannot scale to meet the challenges we now face to effectively mitigate the risks that vendors pose for the industry. There are a slew of new VRM technologies hitting the market that can help to accelerate communication and reporting around vendor risk management. Read More

Healthcare Takes It on the Chin with Supply Chain Breaches

Cyberattacks on the supply chain have been growing exponentially in the last several years. These attacks had introduced substantial social and political implications, as we saw with the recent attack against the Colonial Pipeline that disrupted the supply of oil and gas for the southeastern US region. Healthcare has been hit the hardest of all industry segments at a time when we need to be firing on all cylinders to address and recover from a global pandemic. Read More

Healthcare CISOs Sound Off on Vendor Risk Management

I have been hosting The CyberPHIx healthcare cybersecurity podcast for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. We have produced 68 podcast episodes and counting thus far. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a on the topic of vendor security risk management. Read More