How To Approach Vendor Risk Management

In my latest video below, I discuss the largest healthcare data breach of 2019 and how organizations should approach vendor risk management to manage the risk that their vendors present to them.

63% of all healthcare data breached in 2019 was due to the breach of one third-party collection agency, American Medical Collection Agency (AMCA). This breach affected Quest Diagnostics, LabCorp, and 21 other covered entities. AMCA and its parent company have since filed for Chapter 11 bankruptcy, and the 23 affected organizations are left to deal with the fallout.

Having a business associate / vendor agreement in place is not enough. Organizations need processes in place to validate the security and practices of their vendors. Not all vendors are equal in terms of risk. Focus your more thorough validation on the vendors that present the most risk to your organization. Perhaps this is a vendor that has access to the largest volume of your critical data. Perhaps this is a vendor that performs a highly trusted function.

Learn more about the AMCA breach and how we should approach vendor risk management in my video below.

About the Author

Geoff Wilson is CEO and Founder of Go Security Pro and is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having trained at the National Security Agency, Geoff brings 20 years of cybersecurity experience to your organization.

Geoff has a Master’s of Information Security from Carnegie Mellon University and a Bachelor’s of Computer Science from the University of Oklahoma. He taught a graduate-level Information Security course at the University of Oklahoma for four years. Geoff is a published author, has worked for the National Security Agency, was a federal cybersecurity auditor, and has consulted with the Executive Office of the President.

Geoff is a business leader, having founded Go Security Pro in early 2019 with his wife and co-founder, Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get in the technical weeds with IT professionals.

Geoff treats every engagement as a knowledge transfer opportunity and every client with the utmost care. He is ready to assist you with your cybersecurity challenges.