Healthcare Third-Party Risk Management Newsletter - August 2024

Welcome

Welcome to The Pulse of TPRM, Shared Assessments' newsletter for the third-party risk management community in the healthcare sector. As a leading trade organization, we are committed to bringing you insights, updates, and resources that are vital for navigating the complexities of risk management in healthcare. This newsletter aims to foster a community of shared knowledge, best practices, and innovative solutions, tailored specifically for professionals like you, who are at the forefront of safeguarding healthcare organizations against diverse risks. Join us in this journey towards excellence in third-party risk management.


In The News

CrowdStrike Outage Results in Massive Losses

The recent CrowdStrike outage on July 19 caused significant disruption across U.S. Fortune 500 companies, with estimated direct financial losses totaling $5.4 billion, according to Parametrix. The healthcare sector was hit hardest, with 75% of Fortune 500 healthcare companies impacted, leading to approximately $1.94 billion in losses. The banking sector followed with $1.15 billion in losses. While cyber insurance policies are expected to cover some of the damage, Parametrix estimates that only 10% to 20% of the financial impact will be covered due to large risk retentions and low policy limits.


3 Best Practices for Managing Sole Sourcing Risks

The Shared Assessments Healthcare Committee recently conducted a small group discussion on sole sourcing, the practice of a company relying on a single supplier for a product or service rather than sourcing from multiple suppliers. Below are three best practices the group identified for managing the risk of sole source suppliers. Join us at the next Healthcare Committee meeting for a discussion of these and other best practices.

  1. Assess the Criticality and Substitutability of Sole Source Providers: Understanding the role of sole source providers in your operations is crucial. Evaluate how critical these relationships are and how difficult it would be to replace the provider if needed.
  2. Develop Robust Vendor Contingency Plans: Proactive preparation is key. Identify potential backup providers ahead of time, understand the timelines for onboarding, and ensure you can swiftly redirect operations if necessary.
  3. Look Beyond Your Third Parties: When conducting due diligence, it's important to look beyond the immediate third party. Assess their suppliers (fourth parties) and the overall complexity of their supply chain. Understanding their resilience plans and potential risks in their broader ecosystem is vital to safeguarding your operations.


Coming Soon: EU Cybersecurity Action Plan

Ursula von der Leyen, President of the European Commission, pledged to introduce a comprehensive plan to combat ransomware attacks on healthcare providers within 100 days of her July 18 reelection to the Commission. Von der Leyen highlighted the increasing threat to healthcare systems across Europe, emphasizing the need for improved threat detection and crisis response. The proposed European action plan on hospital and healthcare provider cybersecurity is a key component of her political guidelines for the 2024-2029 term.


In Case You Missed It

Free Cybersecurity Solutions from Google and Microsoft

In a June press release, the Biden-Harris Administration announced commitments from Google and Microsoft to provide free and low-cost cybersecurity resources for all rural hospitals across the nation. For example, Google will provide free endpoint security advice to rural hospitals and non-profit organizations and Microsoft will offer independent critical access hospitals and rural emergency hospitals up to a 75% discount on security products.

“While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important. It’s no secret that many rural hospitals across America are struggling as they serve as a health care lifeline in their communities so keeping them safe is essential.”

Rick Pollack, CEO and President, American Hospital Association


Man Uses Physician's Credentials to Fake His Own Death

A Kentucky man was sentenced to 81 months in prison after hacking into multiple state registries, including the Hawaii Death Registry System, to fake his own death to avoid paying over $116,000 in child support. The man used stolen credentials from a physician to access the Hawaii Death Registry, where he falsely submitted and certified his own death. He didn't stop there: he also breached other state death registry systems and various governmental and corporate networks, and attempted to sell access to the compromised systems on the dark web.

“This case is a stark reminder of how damaging criminals with computers can be, and how critically important computer and online security is to us all.”

Carlton S. Shier, IV, United States Attorney for the Eastern District of Kentucky

Refer to the Shared Assessments website and past editions of The Pulse of TPRM newsletter for resources on computer and online security.


Upcoming Events


Committee Meeting: Financial Services

This group nurtures a trusted network of Asset Management and Financial Institution industry professionals who deal with key business processes related to the management of third parties, including but not limited to ESG, governance, procurement, third-party risk, finance, control validation, and policy.

September 12, 2024 | 11:00am - 12:00pm ET | 1 CPE | Sign Up


Committee Meeting: Insurance

This group provides participants an opportunity to discuss the expanding risk landscape, the complexity of Nth party relationships, the impact of climate change on complex supply chains, regulatory requirements for insurance firms, and the complexity of assessing risks surrounding their client product offering(s).

September 19, 2024 | 11:00am - 12:00pm ET | 1 CPE | Sign Up


Committee Meeting: Procurement & Sourcing

This committee identifies and documents best practices for achieving this partnership, centralizing a vendor inventory/registry, and streamlining the vendor relationship lifecycle.

September 25, 2024 | 11:00am - 12:00pm | 1 CPE | Sign Up



Connect

About Shared Assessments | Join Shared Assessments | Upcoming Events

Subscribe to our Risk Roundup Newsletter: News, Events, and Insights For TPRM.

More questions about Shared Assessments or our Healthcare Initiative? Please connect with Chris Johnson or Stephanie Moore.
