third-party security policies Archives

HIPAA-HiTECH Compliance, third-party security policies, Vendor Risk Management

Healthcare Cyber Resilience: Third Party Cyber Risk Management

Posted on August 13, 2024October 7, 2024 by David Lineman

13
Aug

As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus of third-party security. For organizations that are already short on resources and staff, adding Vendor Risk Management process can […]

Continue reading →

third-party security policies, Vendor Risk Management

How to Simplify Vendor Risk Management

Posted on February 26, 2024February 19, 2025 by David Lineman

26
Feb

Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for having a defensible cyber program. Over the last several years, many vendor cyber risk management tools have entered the market. In general, […]

Continue reading →

third-party security policies, Vendor Risk Management

8 Rules for Passing Cyber Vendor Assessments

Posted on April 18, 2023April 18, 2023 by David Lineman

We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which they have no idea how to answer. If they don’t “pass” the assessment, they may lose the client entirely. Sometimes it is […]

Continue reading →

third-party security policies, Vendor Risk Management

Third Party Vendor Security – Regulatory Drivers

Posted on August 23, 2016July 15, 2017 by David Lineman

Third Party Vendors and Data Breaches So the bad news is sinking in. Data breach reports are showing that significant information security risk can lie with third party vendors. Starting with the now-famous Home Depot breach, a steady stream of breaches have been reported that involve third party vendors. In some studies, as many as […]

Continue reading →

HIPAA-HiTECH Compliance, third-party security policies

Security Policies Key to HIPAA BA Compliance

Posted on January 29, 2013 by David Lineman

In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010. The new law incorporates some major changes in the HIPAA security […]

Continue reading →

HIPAA-HiTECH Compliance, third-party security policies

Managing Vendor Security Risks Under HiTECH

Posted on March 28, 2012September 27, 2022 by David Lineman

Assessing the risk of third-party vendors has been a growing problem for compliance management. Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing. Within the financial services industry, this has long been accomplished via a SAS70 (now SSAE16) type audit. Within the U.S. [...]

Continue reading →

Login

Register