Mar 05 2025

HIMSS25: What Healthcare IT Leaders Need to Know About Third-Party Risk Management

Healthcare organizations work with third parties for claims processing, imaging, contractors and more. Each of these third parties represents a potential cybersecurity vulnerability.

Third-party risk management is crucial in today’s interconnected healthcare landscape, especially amid developments in artificial intelligence, which can empower bad actors while further complicating data protection in healthcare.

Erik Decker, Intermountain Health CISO and vice president, explains how healthcare IT leaders can approach third-party risk management to mitigate the impacts of an attack and remain resilient.


Participants

    Erik Decker, Vice President and CISO, Intermountain Health

Video Highlights

  • It’s crucial for healthcare organizations to assess third-party vendors’ security controls and plan risk management accordingly.
  • Healthcare organizations can look to the Health Industry Cybersecurity Practices and CISA’s Cybersecurity Performance Goals for cybersecurity best practices that will mitigate third-party risk.
  • Third-party vendors should have security controls such as multifactor authentication and single sign-on in place to better protect patient data and reduce the potential impact of an attack on patient care.