Charles Sternberg, Associate Editor10.05.23
In recognition of National Cyber Security Awareness Month, the Healthcare Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) reminds healthcare entities that more than half of data breaches occur through third party suppliers and business associates, requiring health providers and other healthcare organizations to redouble efforts to manage that external risk.
An essential toolkit is available to help. In 2020 the HSCC CWG published the “Health Industry Cybersecurity Supplier Risk Management (HIC-SCRiM)” toolkit, which provides actionable guidance and practical methods to help organizations of limited scale or resources manage their cybersecurity risks from dependencies on the health system supply chain.
The HIC-SCRiM toolkit is written primarily for leadership of small to medium organizations and follows the Supply Chain requirements within the NIST Cyber Security Framework (CSF) to help healthcare organizations manage cybersecurity risks from third-parties in the health system supply chain. By guiding organizations to demand secure products and services from their suppliers, the toolkit can leverage market forces to raise the cybersecurity bar across the healthcare supply chain.
An updated version of the toolkit was published today, which now includes reference to a detailed HSCC model cybersecurity contract between providers and suppliers that can be applied in modular form to procurement and service agreements.
An essential toolkit is available to help. In 2020 the HSCC CWG published the “Health Industry Cybersecurity Supplier Risk Management (HIC-SCRiM)” toolkit, which provides actionable guidance and practical methods to help organizations of limited scale or resources manage their cybersecurity risks from dependencies on the health system supply chain.
The HIC-SCRiM toolkit is written primarily for leadership of small to medium organizations and follows the Supply Chain requirements within the NIST Cyber Security Framework (CSF) to help healthcare organizations manage cybersecurity risks from third-parties in the health system supply chain. By guiding organizations to demand secure products and services from their suppliers, the toolkit can leverage market forces to raise the cybersecurity bar across the healthcare supply chain.
An updated version of the toolkit was published today, which now includes reference to a detailed HSCC model cybersecurity contract between providers and suppliers that can be applied in modular form to procurement and service agreements.