Why Vetting AI Vendor Security Is Critical in Healthcare
Attorney Linda Malek of Crowell & Moring on Top Third-Party Cyber Concerns
It's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek, partner at law firm Crowell & Moring.
"You want to look at whether and how they're deploying data encryption measures and technologies, what their controls are to ensure that sensitive, identifiable data is protected," she said. "You want to know how data is shared across the entire supply chain."
"What kinds of controls are being put in place like multi-factor authentication that would limit the unauthorized access to that data? What is their incident response plan like? Because if there is a robust incident response plan in place by a vendor, then if an incident occurs, they can pivot and respond to it quickly," she said.
Time is always of the essence in healthcare, she said, "So a robust incident response plan is important in this context, whether you're talking about artificial intelligence, or you go beyond that."
In this audio interview with Information Security Media Group, Malek also discussed:
- Top cybersecurity and privacy considerations involving the use of AI in healthcare;
- Cyberthreats and risks facing the healthcare ecosystem that should get a higher priority for many entities;
- Potential regulatory and legislative developments from the federal government and states related to healthcare cybersecurity in the months ahead.
Malek advises healthcare and life sciences companies on compliance with federal, state and international laws governing clinical research, data privacy, cybersecurity, and fraud and abuse - including issues under the Stark laws as well as federal and state anti-kickback statutes. She works at the forefront of new laws and regulations involving the impact of technology on the delivery of healthcare for clients, such as national hospital systems and academic medical centers, genetic and biotechnology companies, pharmaceutical companies, and medical device companies.