Taking Steps to Reduce Vendor Security Risks
John Delano of AdventHealth Analyzes Latest Breach Trends
With the surge of large health data breaches involving vendors, healthcare entities must take critical steps to improve their third-party security risk management, says John Delano, southwest regional CIO at AdventHealth, which operates 50 hospitals in nine states.
For the first half of this year, nearly half of all health data breaches affecting 500 or more individuals added to the Department of Health and Human Services' HIPAA Breach Reporting Tool website involved business associates, he notes, citing findings of a recent report by security firm Critical Insight.
"It takes a lot of time and effort to not only extend your security posture beyond your own four walls, but then when you have to look at the hundreds or even thousands of vendors and third-party folks who have access to your data, it can be overwhelming," he says.
"But you have to make it a priority … to categorize your data and understand who has access to the most critical data - and ensure that [vendors are] taking appropriate steps to meet your security requirements … and to secure that data if it leaves your premises."
In an interview with Information Security Media Group, Delano also discusses:
- The surge in cyberattacks on outpatient facilities;
- Legacy system and IoT vulnerabilities that put entities at risk for ransomware attacks and other incidents;
- Cybercrime trends in the healthcare sector.
Delano is regional CIO at AdventHealth and healthcare security strategist at Critical Insight. Previously, he was a senior healthcare strategist for VMware, CISO of Cook Children's Health Care System and CIO at Integris Health.