Consider Diversifying Vendors to Combat Cyber Incidents
April 1, 2025
By Greg Freeman
With cyber threats continuing to plague healthcare organizations, risk managers may need to look at new strategies to protect their data, says Elizabeth F. Hodge, JD, partner with the Akerman law firm in West Palm Beach, FL.
Some healthcare organizations are rethinking their reliance on just one vendor for a particular service or product, considering diversification to ease the impact if one vendor is compromised by a cyber attack, she explains.
“They are looking at either multiple vendors to provide the same service, or perhaps one primary vendor but having already identified and perhaps be under contract with a backup vendor,” she says. “We’ve seen over the last couple of years some large events where the issue has been with not the healthcare facility, but with one of its vendors. It may be a vendor that lots of organizations within the healthcare ecosystem use, and so I think organizations are digging in a little more on vetting their vendors and having contingency plans in place in case there is an issue with one of their vendors, especially a critical vendor.”
Security risk analyses are becoming increasingly important, Hodge says, as well as educating staff members about evolving threats.
“When they know what is going on in the wild, the latest ways that threats materialize, your workforce members can be one of your lines of defense,” she says. “If they see something, they know to report it, to say something.”
C-suite support for these efforts has always been important, but Hodge says the good news is that top leadership is becoming more responsive to the need for resources.
“In some organizations it can be a hurdle, but I think now the C-suite, even board members, understand that some of the recent large incidents affected not only patients data, but also had an impact on organizational operating ability and finances,” she says. “I think those types of incidents have been educational for those C-suite and board members who may not have fully appreciated previously why it’s important to have a robust privacy and security compliance program.”
Source
- Elizabeth F. Hodge, JD, Partner, Akerman, West Palm Beach, FL. Telephone: (561) 273-5503. Email: [email protected].
With cyber threats continuing to plague healthcare organizations, risk managers may need to look at new strategies to protect their data.
You have reached your article limit for the month. Subscribe now to access this article plus other member-only content.
- Award-winning Medical Content
- Latest Advances & Development in Medicine
- Unbiased Content