Re-Engineering Vendor Security Risk Management

Subscribe on your favorite platform:

About the Podcast: The CyberPHIx is a regular audio podcast series that reports and presents expert viewpoints on data security strategy for organizations handling patient health or personal information in the delivery of health-related services. These timely programs cover trends and data security management issues such as cybersecurity risk management, HIPAA and OCR compliance strategy and vendor risk management. Meditology Services, the healthcare industry's leading security and compliance firm, moderates the discussions with leaders in healthcare data security.

In this CyberPHIx podcast, Kelly White, Founder and CEO of RiskRecon, outlines key concepts for effective vendor security risk management. Kelly draws on his experience in healthcare as well as other industries vulnerable to third-party data security breaches.

In 2008, the FDIC set a benchmark for vendor data risk by stating that a financial institution’s board of directors and officers are responsible for third-party actions affecting data security. These same standards apply to healthcare organizations, leading to increased oversight of vendor relationships.

You can outsource your systems and services, but you cannot outsource your risk.

Kelly’s position in the security automation market provides insight into emerging trends of innovation and technology to assess the potential risk of vendor data sharing. Our discussion with Kelly touches on some of the following trends:

  • Vendor risk management in peer industries, such as financial services, reveals opportunities for innovation and more effective oversight over vendor relationships in the healthcare sector.
  • The Value of Risk is a key risk management concept that supersedes the rating of risk by the size of vendors.
  • Focus the lens on the Value of the Risk in risk management activities with small or medium-sized vendors to set remediation priorities.
  • Healthcare is an industry primed to adopt and lead innovation and automation in risk management. The next wave of security automation/innovation is likely to come out of the healthcare industry.