3rd Party Risk Management , Governance & Risk Management , Risk Assessments
Navigating Supply Chain Security Risks
Darren Vianueva of Trinity Health Describes Newly Issued GuidanceAs the supply chain in the healthcare sector becomes increasingly complex, so do the cybersecurity risks and threats. New guidance from the Healthcare & Public Health Sector Coordinating Council aims to help healthcare organizations better address these challenges, says Darren Vianueva, a senior vice president at Trinity Health who co-chaired a task force that developed the guidance.
"The interdependency between providers, suppliers, manufacturers and subcontractors for network access and data exchange continues to grow," he says in an interview with Information Security Media Group. "So the need for all interdependent organizations to work together to improve and mitigate the threat opportunities is one of the highest priorities."
The Health Industry Cybersecurity Supply Chain Risk Management Guide, issued on Oct. 16, is designed to help "vastly improve the cybersecurity programs for the medium to small organizations," he says.
The document provides practical tools to help organizations better manage cybersecurity risks posed by their supply chain vendors, says Vianueva, who is co-chair of the HSCC coordinating council's supply chain cybersecurity task group.
The guidance, he says, describes how organizations can "use and leverage their supply chain as a gatekeeper to identify and mitigate third-party risk and provides tools, templates and resources to build their security program."
In the interview, (see audio link below photo) Vianueva also discusses:
- How the guidance can be applied by larger healthcare organizations as well;
- How the guidance maps to the supply chain security practices in the National Institute of Standards and Technology's Cybersecurity Framework;
- The types of supply chain cybersecurity challenges the guidance addresses;
- Top supply chain cybersecurity issues that Trinity Health is focused on for next year.
Vianueva is senior vice president of shared services operations and technology sourcing at Trinity Health. The integrated health system, based in Livonia, Michigan, includes 92 hospitals and 109 continuing care facilities, home care agencies and outpatient centers in 22 states.