Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector.
“The supply chain risk assessment actually has to start before you make a final decision” about bringing onboard a vendor, says Finn, executive vice president at the privacy and security consultancy CynergisTek.
“We very rarely see security and risk management as part of a request for proposal,” he says in an interview with Information Security Media Group. “And that basically must be cooked into the process when you’re looking for a vendor, particularly if it is a vendor that’s going to have access to your technology resources, or more critically, your electronic health information or other patient information.”
Supply chain concerns were among a number of disturbing trends identified in the recent CynergisTek study analyzing healthcare risk management practices and the state of cybersecurity in the sector.
For example, the analysis found many healthcare sector entities “sliding backward” from 2017 to 2019 in implementing practices called for by the National Institute of Standards and Technology’s cybersecurity framework, Finn notes.
“To see the decline in 2019 numbers and then see this rapid expansion of the attack surface [amid the pandemic in 2020] … it is actually a scary situation for us to find ourselves in,” he says.
In the interview, Finn also discusses:
- Other trends identified in the study;
- Security challenges facing healthcare entities undergoing a merger or acquisition;
- Advice for improving security risk management programs.
Finn, executive vice president of strategic innovation at CynergisTek, previously was health IT officer at security vendor Symantec. Prior to that, he was CIO and vice president of information services at Texas Children’s Hospital, where he also served as the privacy and security officer. He has more than 30 years of experience in the planning, management and control of IT and business processes.