Cybercrime , Fraud Management & Cybercrime , Healthcare

Why Hospitals Must Implement Robust Vendor Risk Management

John Riggi of the American Hospital Association on Critical Third-Party Concerns
John Riggi, national adviser for cybersecurity and risk, American Hospital Association

It's becoming more critical than ever for hospitals to have vigorous programs that continuously evaluate and address the security risks posed by third-party vendors, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

"Managing third parties within our hospitals and health systems continues to be a major challenge," Riggi said.

"The bad guys, our foreign-based cyber adversaries, have mapped our sector and identified critical third-party relationships that hospitals and health systems have - and are exploiting those relationships," he said in a video interview with Information Security Media Group.

"They're either stealing hospital data that's been housed by a third party or they're using a third party as an electronic conduit to attack hospitals and health systems," he said.

"It is really important for hospitals to set up a very robust third-party risk management program that goes forward on a continuing basis, continuously evaluating all the third parties that have connections - literally, electronic connections - into the organization."

In this interview with Information Security Media Group, Riggi also discussed:

  • Key findings from a recent study by KLAS Research, security risk management firm Censinet and the AHA to benchmark cybersecurity maturity among hospitals;
  • How hospitals can improve their cyber resiliency;
  • Emerging risks involving the deployment of artificial intelligence technologies in healthcare.

Riggi leads cybersecurity and risk for the American Hospital Association, which has more than 5,000 U.S. member hospitals. He previously served in the FBI for 30 years in a variety of leadership roles, including representative to the White House Cyber Response Group. He also served as a senior representative to the CIA, working as the national operations manager for terrorist financing investigations.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.