3 Best Practices For Maturing Healthcare Third-Party Risk Management
Panelists discussed top third-party risk management challenges and best practices at the HealthITSecurity Virtual Summit.
Health-ISAC quote:
“Vendor partners often operate in multiple sectors, so they don’t always have an appreciation for HIPAA, and HIPAA is complex,” added Phil Englert, Health-ISAC’s director of medical device security.
– Third-party risk management (TPRM) remains a significant challenge for healthcare organizations of all sizes, as exemplified by the high volume of third-party data breaches reported to HHS in 2022.
As healthcare organizations continue to expand their network of vendors, existing TPRM strategies are falling short, experts at the 3rd Annual HealthITSecurity Virtual Summit articulated during a panel session.
“Our teams are not only being asked to know, internally, what our risks are and how to address them, but now we’re asking them to know what our partner’s risks are and how specifically to address them in our space, which is considerable,” said Monique Hart, chief information security officer and executive director of information security at Piedmont Healthcare.
“Today, we are looking at poor assessment strategies that don’t support actual remediation, long inefficient turnaround times, questionnaires that aren’t tailored to the specific environment, inconsistent results from analyst over-reliance on technology or external data, and maybe ineffective, inefficient vendor customer communication. That brings a whole lot of challenges.”
Solving these problems is not easy. That was the consensus from Hart and co-panelists Dee Young from UNC Health, Phil Englert from Health-ISAC, Inc., and Ryan Blaney from law firm Proskauer. Throughout their discussion about TPRM obstacles, the experts offered several best practices for maturing the TPRM process that healthcare organizations can begin adopting today.
Read the full article by Jill McKeon in Health IT Security here:
- Related Resources & News
- Cyber Threats Know No Borders
- Health-ISAC Hacking Healthcare 1-10-2025
- Google’s rural healthcare cybersecurity initiative
- Gen Z is stealing your health data—and the consequences may be worse than you think
- Left to Our Own Devices Podcast #71: Errol Weiss
- 2025 Newsletter – January
- The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?
- HHS Urges Health Sector to Beef Up OT, IoMT Security
- Defending Healthcare Facilities Against Ransomware Attacks
- Health-ISAC Hacking Healthcare 12-16-2024