When considering their next target, threat actors consider two things: how challenging the target is, and how lucrative the outcome could be. For these reasons, healthcare providers are prime targets and their third-parties the low-hanging fruit.
According to Gartner, 75% of healthcare respondents plan to increase spending on cybersecurity in 2023, making it the #1 highest priority among technology investments.
Last week, Health3PT, an association of healthcare providers’ CISOs, including those from well-known organizations such as Premera Blue Cross, Walgreens and CVS, kicked off an initiative to pressure third-party vendors to increase their cybersecurity. They are supported by the certification body HITRUST, which specializes in third-party risk management compliance for the healthcare industry.
“We’re going to the industry, to third parties, and saying, ‘If you want to do business with us and provide services to us, then you need to be HITRUST-certified and implement it in a mature fashion,'” says John Houston, VP InfoSec and Privacy, University of Pittsburgh Medical Center.
While credential frameworks and compliance standards are certainly helpful, they can take years to approve and even longer to achieve marketwide adoption. For this reason, it is important to proactively implement the strongest possible vendor cyber risk management solution available and not delay. Furthermore, verifying compliance is notoriously challenging, and something legacy security ratings services struggle to support.
Panorays works with your third-parties, suppliers and business partners so they adhere to HITRUST, as well as other well known regulations and standards like GDPR, CCPA, NYDFS and more.
Houston continues: “Having HITRUST-certified vendors is a way for organizations to take a more standardized, consistent approach to obtaining, maintaining and monitoring information privacy and security assurances from third parties – without entities having to send their vendors a mountain of proprietary and often redundant questionnaires and single-use assessments.”
Panorays automatically customizes security questionnaires based on the inherent risk of your business relationship and continuously monitors your third-parties with automated external attack surface assessment. Furthermore, for those vendors wishing to streamline the collaboration process, Panorays’ Security Passport makes it easy for both you and your vendors to demonstrate your cybersecurity and compliance standards without the need for questionnaires.
Register for your Free Starter Account today and start building cybersecurity trust with your third-parties while ensuring their adherence to regulations and standards that are essential for your organization.
