The Healthcare and Public Health Sector Coordinating Council09.22.20
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published the second release of its toolkit for small to mid-sized healthcare institutions to implement and sustain a supply chain cybersecurity risk management program.
Since its original release in October 2019, the “Health Industry Cybersecurity Supplier Risk Management (HIC-SCRiM)” guide has become one of the HSCC’s flag-ship products, accessed by more than 10,000 individuals. It provides actionable guidance and practical tools to help organizations of limited scale or resources to manage the cybersecurity risks they face through their dependencies within the health system supply chain.
“By enabling these organizations to ensure secure products and services from their suppliers, we will leverage market forces to raise the bar across the healthcare supply chain to the benefit of all,” said Greg Garcia, HSCC executive director of its Cyber Security Working Group.
The first release of HIC-SCRiM provided concrete guidance on three of the five NIST CSF Supply Chain requirements covering process as well as practical tools such as contractual language and risk assessment templates. This second release completes the five NIST CSF requirements by covering adherence to contractual terms and testing response and recovery in case of supplier cybersecurity incidents.
“Whether in the administrative offices or in the operating room, the technology and services we introduce into the circulatory system of clinical care must be deployed with patient safety at top of mind,” said Ed Gaudet, CEO of Censinet, who led the work on the new release. “To achieve that patient safety assurance, an enterprise supply chain risk management system must be structured, repeatable, and measurable. This publication provides the tools for that structure.”
Co-chaired by Chris van Schijndel of Johnson & Johnson and Vish Gadgil of Merck, the Supply Chain Security task group that developed the toolkit is made up of more than twenty supply chain and cybersecurity professionals from a broad spectrum of health sector organizations.
Access and download a copy of the HIC-SCRiM here.
Since its original release in October 2019, the “Health Industry Cybersecurity Supplier Risk Management (HIC-SCRiM)” guide has become one of the HSCC’s flag-ship products, accessed by more than 10,000 individuals. It provides actionable guidance and practical tools to help organizations of limited scale or resources to manage the cybersecurity risks they face through their dependencies within the health system supply chain.
“By enabling these organizations to ensure secure products and services from their suppliers, we will leverage market forces to raise the bar across the healthcare supply chain to the benefit of all,” said Greg Garcia, HSCC executive director of its Cyber Security Working Group.
The first release of HIC-SCRiM provided concrete guidance on three of the five NIST CSF Supply Chain requirements covering process as well as practical tools such as contractual language and risk assessment templates. This second release completes the five NIST CSF requirements by covering adherence to contractual terms and testing response and recovery in case of supplier cybersecurity incidents.
“Whether in the administrative offices or in the operating room, the technology and services we introduce into the circulatory system of clinical care must be deployed with patient safety at top of mind,” said Ed Gaudet, CEO of Censinet, who led the work on the new release. “To achieve that patient safety assurance, an enterprise supply chain risk management system must be structured, repeatable, and measurable. This publication provides the tools for that structure.”
Co-chaired by Chris van Schijndel of Johnson & Johnson and Vish Gadgil of Merck, the Supply Chain Security task group that developed the toolkit is made up of more than twenty supply chain and cybersecurity professionals from a broad spectrum of health sector organizations.
Access and download a copy of the HIC-SCRiM here.