3rd Party Risk Management , Governance & Risk Management , HIPAA/HITECH

Taking New Risks With Vendor Risk Management

How Moffitt Cancer Center's Dave Summitt Handles Reluctant Business Associates
Dave Summit, CISO, H. Lee Moffitt Cancer Center and Research Institute

Every new cybersecurity regulation puts at least some emphasis on the need to improve vendor risk management, says Dave Summitt of Florida's Moffitt Cancer Center. But what happens when vendors balk at the extra degree of scrutiny required?

See Also: A CISO's Guide to Communicating Risk

The answer, Summitt says, is for healthcare organizations to take a risk-based approach to working with business associates.

In a video interview at Information Security Media Group's Healthcare Security Summit in New York, Summitt discusses:

  • How the regulatory enforcement environment has changed;
  • Why some business associates now push back against cybersecurity agreements;
  • His own risk-based approach to managing reluctant vendors.

Summitt is CISO of the H. Lee Moffitt Cancer Center and Research Institute, based in Tampa, Florida. He has more than 25 years of experience in IT across the federal and private sectors, with a focus on information systems, network and engineering operations and cybersecurity initiatives. Before entering the healthcare sector, Summitt had a 21-year federal career with the Department of Defense, where he held various roles including the Naval Sea Systems Command's technical representative for a major missile defense program, security data custodian, information systems security officer, data and configuration manager and change control chairman for several military programs.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.