

Healthcare Needs a Better Third-Party Risk Assessment Approach
Information
Modern healthcare relies on growing numbers of third-party vendors, suppliers, and partners that provide critical functions across healthcare delivery. When one third party suffers a cyber-attack, the repercussions can be alarmingly broad and devastating: the Synnovis and Change Healthcare attacks demonstrate impacts on patient morbidity, mortality, and financial stability. Expecting providers to risk-assess thousands of partners annually is unrealistic. This presentation examines the need for a different approach: placing the onus to be secure and compliant upon third parties, establishing common audit and assessment frameworks across healthcare, and making wider use of attestation frameworks like SOC 2 Type II as improved indicators of security and resiliency.
