Why Hospitals Must Implement Robust Vendor Risk Management
John Riggi of the American Hospital Association on Critical Third-Party Concerns
It's becoming more critical than ever for hospitals to have vigorous programs that continuously evaluate and address the security risks posed by third-party vendors, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.
"Managing third parties within our hospitals and health systems continues to be a major challenge," Riggi said.
"The bad guys, our foreign-based cyber adversaries, have mapped our sector and identified critical third-party relationships that hospitals and health systems have - and are exploiting those relationships," he said in a video interview with Information Security Media Group.
"They're either stealing hospital data that's been housed by a third party or they're using a third party as an electronic conduit to attack hospitals and health systems," he said.
"It is really important for hospitals to set up a very robust third-party risk management program that goes forward on a continuing basis, continuously evaluating all the third parties that have connections - literally, electronic connections - into the organization."
In this interview with Information Security Media Group, Riggi also discussed:
- Key findings from a recent study by KLAS Research, security risk management firm Censinet and the AHA to benchmark cybersecurity maturity among hospitals;
- How hospitals can improve their cyber resiliency;
- Emerging risks involving the deployment of artificial intelligence technologies in healthcare.
Riggi leads cybersecurity and risk for the American Hospital Association, which has more than 5,000 U.S. member hospitals. He previously served in the FBI for 30 years in a variety of leadership roles, including representative to the White House Cyber Response Group. He also served as a senior representative to the CIA, working as the national operations manager for terrorist financing investigations.