In this series, Shared Assessments Advisory Board Committee member Ken Peterson talks about managing cyber risk in the Healthcare space. We look forward to hearing more on this topic from Ken and the NH-ISAC at the 10th Annual Shared Assessments Summit.
“We’re operating in a highly dynamic and continually evolving threat landscape for potential cyberattacks. We’ve learned that more extensive information sharing and reporting about incidents has given us a clearer picture of the dimension of the threats organizations face. The biggest risk for any organization is not understanding the unique threats and vulnerabilities for a potential attack. It is important to engage with communities of interest who can provide intelligence and techniques that can assist the organization in meeting its information security requirements.”
The healthcare industry has recently made a big push to move from paper to electronic health records putting and enormous amount of personal data in motion? How does the shift to electronic health records make your business more challenging?
“We’re balancing two paradigms here – consumer demands for easier access to their personal health information and the need to protect sensitive data that is increasingly more in motion. Our goal is always to ensure the right safeguards, and procedures are in place to better protect sensitive information – for the benefit of consumers, the healthcare market and organizations engaging with the healthcare industry.”
As the healthcare industry embraces an increased exchange of electronic data, what are 2-3 things an organization needs to be mindful of as it relates to mitigating their risk for cyberattacks?
“The first thing to understand is where and how your organization might be vulnerable to attack. For example, companies don’t often have a firm grasp of their vendor population and the intended or unintended risks that vendors may bring to your business operations. Are these vendors introducing a potential virus or malicious code via their electronic communications with your company or are they not taking proper measures to safeguard physical information that may put your business at risk. Also, does an organization have a proper vendor or third party risk governance process in place for routinely reviewing and updating vendors that are engaging with your organization. Lastly, does an organization have a proper vetting process for onboarding new vendors to ensure they meet proper security requirements. All important steps in mitigating risk for cyberattacks.”
Kenneth J. Peterson, CTPRP
Founder and CEO
Churchill & Harriman
Ken Peterson is a recognized leader in developing and implementing cybersecurity risk management strategies and solutions. Under Peterson’s stewardship, C&H has optimized enterprise risk governance programs, executing thousands of third-party risk assessments globally since 1997. C&H risk management work has been formally recognized by the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the U.S. Department of Health and Human Services, the National Health ISAC, and the National Directorate of ISACs. In partnership with Prevalent, Inc., C&H has been formally selected by the NH-ISAC to perform certain third-party risk management services on behalf of their Members.
C&H is an Assessment Firm Member of the Shared Assessments (SA) Program, actively contributing to the Shared Assessments Agreed Upon Procedures (AUP), the Standardized Information Gathering (SIG) questionnaire, the Technical Development Committee and public outreach programs. Peterson is privileged to serve on the Shared Assessment Program’s Steering Committee and governing Advisory Board. Peterson additionally serves as the formal liaison between these two bodies.
To Learn more about C&H, please email info@chus.com.