READ THE REPORT: Prevalent named a LEADER in the Gartner® Magic Quadrant for IT Vendor Risk Management

Healthcare Vendor Network

Healthcare Vendor Network™ Powering CYBERFIT®, Property of NH-ISAC

Cybersecurity breaches are an unfortunate reality, and all healthcare organizations working with third party vendors have a much higher percentage of security vulnerabilities.

Prevalent has partnered with the National Health Information Sharing & Analysis Center (NH-ISAC) on their CYBERFIT® Shared Risk Assessments initiative to help reduce cyber threat risk for the health care community. Prevalent is the chosen platform, powering the automated vendor evidence collection and risk assessments.

Vendor Risk Assessment with CYBERFIT®

With CYBERFIT®, network members gain access to a vendor risk questionnaire called the Healthcare Questionnaire for evidence collection, which is designed to create a baseline across products, services, and vendors with industry common criteria for risk assessment and remediation. 

How does it work?


Step 1

Network members submit a list of vendors to Prevalent. From a time to value perspective there are two process scenarios:

  1. If a completed assessment is already available in the repository, Prevalent will request access for the member.
  2. If a completed assessment is not published in repository for the vendor, Prevalent will communicate with the vendor to obtain a completed Healthcare Questionnaire.

In both cases, published and not published, Prevalent will inform the member of published assessment evidence for the member to begin their risk governance review, acceptance and management.

Note: The Healthcare Questionnaire is reviewed for data integrity and validity with the vendor prior to repository publication. 

Step 2

The Risk Assessment process begins.