Several healthcare chief information security officers have established a council to develop best practices for managing third-party risks.
The CISOs want to limit the security risks that vendors can inflict on hospitals and other provider venues, starting with the supply chain.
Many provider organizations do not have the expertise and resources to conduct proper vetting and monitoring of third-parties working within the facility, so the early work will focus on building common vetting and oversight practices that can be applied nationwide and internationally.