DOWNLOAD THE REPORT: Gartner Critical Capabilities for IT Vendor Risk Management – How Important is a Complete Solution?

Whole-in-One Community at Health-ISAC’s Spring Summit

How can healthcare organizations work together to tackle third-party risk? Sara sheds some light.

by Sara Muckstadt

May 7th, 2019

I

I love the quote, “the whole is greater than the sum of its parts.” This phrase was ingrained into my consciousness from a young age, mainly as a way to describe one of the most effective ways to win – as a team. If you’ve ever been part of a great team, you know it to be true. Take my son’s high school basketball team, for example. They recently won a State Championship; a feat most teams will never experience. As players, each one is very different. From defensive specialists to the most accomplished offensive weapons, each player brought an attribute to the game that could only be truly realized when they worked as a team. Help defense, a pick and roll to the basket, or an alley-oop for two points. Not one of these can be accomplished successfully by one player, but rather each player forming a unit, working in unison. This team of five interacted in such a way that their effectiveness was greater than when acting in isolation. In fact, it earned them a state title!

Working as a Team to Fight Third-Party Risk

Healthcare organizations, too, can benefit from working together to achieve success. Let’s face it, the healthcare industry is one of the most targeted sectors by cyber-attackers because of its valuable healthcare data in the form of PHI and PII. Additionally, the surge in connected medical devices and an explosion of outsourcing has caused the attack surface to grow. The increased reliance on business associates and other third-party vendors for delivering critical services has placed a strain on IT organizations and risk managers. To top it all off, complying with regulatory mandates for data protection and IT/OT security means developing and maintaining explicit Third-Party Risk Management programs to manage the risk posed by these business relationships. 

How do healthcare companies manage and mitigate this risk? Thinking back to my son’s basketball team, one idea might be to bring together a network of healthcare stakeholders to share information and collaborate on best practices.

On May 13-17, the Health-ISAC will be holding its Spring Summit in Ponte Vedra Beach, Florida, with the theme of the conference being a “Whole-in-One Community”. Hmm, could this mimic the idea that working together, synergistically, to tackle cybersecurity challenges will yield a greater benefit than going it alone? Many speakers and experts in Vendor Risk Management will be on hand to guide you through the process of starting or maturing your third-party program. Take, for example, my colleague and industry expert, Brenda Ferraro, who will moderate a panel of healthcare experts with a focus on how the H-ISAC Third Party Shared Service has reduced risk for their companies by way of sharing information and helping to mature the vendor ecosystem. This Shared Service is better known as the Prevalent Healthcare Vendor Network.

What is the Prevalent Healthcare Vendor Network?

Prevalent’s Healthcare Vendor Network delivers automated evidence collection and risk management to measure vendors for cybersecurity risk resiliency and ensure regulatory compliance. In partnership with the H-ISAC’s program for Shared Risk Assessments for Third Parties, this network of H-ISAC healthcare members and vendors collaborate using a standardized questionnaire and continuous threat intelligence monitoring, saving time and reducing operating costs. 

Whole in One, Slam Dunk… you get the idea! 

Prevalent is proud to be the exclusive provider of third-party risk management to H-ISAC members, and if you’re attending their spring summit next week you can stop by booth #11 at the Sawgrass Marriott Golf Resort & Spa for a discussion around your risk management objectives. If you’re not able to attend the H-ISAC Spring Summit, contact us today for a discussion or demo.