Skip to content

COVID-19 response, third-party vendor management risks to patient safety

September 24, 2021 – Article posted on SC Media

A recently published report from the Ponemon Institute reaffirmed what industry stakeholders have warned for several years: ransomware and other cyberattacks can lead to an increase in mortality rates. The driving factors for patient safety risks were directly tied to third-party vendor management and weaknesses brought on by the COVID-19 pandemic.

While the report was not surprising to those leading health care cybersecurity, it’s a strong reflection of health care’s greatest challenges and the need for providers to take a more proactive approach to close some of these major vulnerabilities.

The pandemic required health care delivery organizations to quickly pivot, bringing on a host of new technologies and platforms that enabled strong remote processes to support the workforce and telehealth usage. The Department of Health and Human Services also issued several enforcement discretions that expanded the types of platforms and data sharing previously not allowed under the Health Insurance Portability and Accountability Act. 

SC Media spoke with several experts, including GuidePoint Security’s CISO, Gary Brickhouse about the challenges of scaling cybersecurity infrastructure in health care due to the the tension between security and productivity/usability. As such, providers need to prioritize identity and access management, which will include gaining insight into the extent of widespread privileges across the enterprise and using two-factor or multi-factor authentication on critical endpoints, said Brickhouse. Best practices for privilege management will include an assessment of user rights to limit their overall footprint, leveraging MFA for remote access, and limiting privileges to only what the user needs to perform their work duties, he added.

Read More HERE.