Managing Third-Party Risk in the Age of RansomwareCISO Mitch Parker of Indiana University Health System Outlines Risk Mitigation Steps
As ransomware and other cyberattacks continues to proliferate, it's critical that healthcare organizations improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System.
"I look at the visibility in two different areas - the first area being visibility as to what my vendors are doing to protect themselves, and the second part is visibility into what are the threats that they are actually seeing," Parker says in an interview with Information Security Media Group. "The same attacks that might be targeting them may be targeting you - or targeting you through them, which is a major challenge."
Faced with the threat of cyberattacks, healthcare organizations need to improve their third-party risk management programs and collaborate with vendors "to make sure they are all addressing and assessing risk continually," Parker stresses.
Parker will participate in a panel discussion on "Tackling Vendor Risk Management Challenges" at the upcoming ISMG Healthcare Security Summit, to be held Nov. 13-14 in New York.
In this interview (see audio link below photo), Parker discusses:
- The most significant third-party risks;
- Why ransomware attacks on third parties can be highly problematic in the healthcare industry;
- Priorities for mitigating third-party risk in the year ahead.
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.