CISOs from 6 leading hospitals to create cybersecurity guidelines for vendors

Chief information security officers from six leading hospitals and health systems in the U.S. have teamed up to form the Provider Third Party Risk Management Council.

The group seeks to develop and recommend best practices for third-party vendors managing information security risks, particularly those that work in the supply chain and with patient data.

The six organizations whose CISOs have joined the effort are:

1. Allegheny Health Network (Pittsburgh)

2. Cleveland Clinic

3. University of Rochester (N.Y.) Medical Center

4. UPMC (Pittsburgh)

5. Vanderbilt University Medical Center (Nashville, Tenn.)

6. Wellforce/Tufts Medical Center (Boston)

"Health systems and other providers need to be more active in assessing and monitoring risks posed by third parties to protect patient information while delivering effective care," Taylor Lehmann, CISO of Wellforce, the parent organization of the health system that includes Tufts Medical Center, said in a news release. "The primary challenge is organizations can engage with vendors of various sizes, maturity and complexity without really knowing whether the vendor should be engaged in the first place based on their beliefs and investment in cybersecurity."

The council is working with the HITRUST Alliance, a nonprofit that supports standards and accreditation programs focused on information security. HITRUST operates one of the most widely-adopted assessment approaches used by healthcare organizations to evaluate vendors' security postures.

More articles on cybersecurity:

Report: Spam, malware found in 13% of emails
Why a California-based CISO considers business continuity plans the best defense against cybersecurity attacks
Philips issues another cybersecurity alert for some of its medical devices

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers