Navigating Third Party Vendor Risk

Presented by

Executive Director of Information Security and Compliance at IU Health, Mitchell Parker

About this talk

Providers and other covered entities rely heavily on third-party vendors and other business associates to provide seamless care transactions. However, the need for greater data access expands the threat surface and increases risk when those access points and contractual relationships aren’t properly managed. As healthcare continues to be a prime target for hackers, digital environments need to be protected to ensure providers aren’t exposing their organization to HIPAA compliance issues, security incidents, or even a breach of patient data. Vendor management refers to both ensuring security standards are included in the contracting process, creating a complete data inventory, and identifying just who has access and when. As the Executive Director of Information Security and Compliance at IU Health, Mitchell Parker, MBA, CISSP, focuses on addressing the business needs of Information Security across the organization, contract and vendor management, risk management, and researching and developing security controls for emerging technologies. Learning objectives - Identify the risks posed by third-party vendors, from contracting to risk assessments. - Define the importance of vendor privileged access management. - Outline the best practices to identify, assess, and prioritize vulnerabilities, and pick the right security tools to support the process - Describe the differences between managing network access for internal vs. third-party vendors

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (62)
Subscribers (1789)
Over the past two decades, we have become the leading experts in critical access management for highly regulated enterprise organizations, technology vendors, healthcare providers, and more. Organizations of varying industries and needs continue to depend on SecureLink to secure access to their critical systems, data, IT and OT infrastructure, regulated information, and networks. Our value is more than world-class products — it’s our partnerships with every organization we work with. We understand technology, security, industries, and the vast cyber threats our customers face. We’re here to stand beside them and keep them secure.