Sign up to save your podcasts
Or
Share Gerry Blass on Healthcare Third-Party Data Breaches [Podcast]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Gerry Blass on Healthcare Third-Party Data Breaches [Podcast]
Post By: Adam Turteltaub
With healthcare relying so heavily on vendors to manage data the risks of a breach are enormous. According to Gerry Blass, President and CEO of ComplyAssistant, a recent survey found that 63% of cyberattacks were through third parties.
In this podcast he provides insight into how to assess and manage the risk of breaches through business associates. To best manage the risk, it’s best to begin before signing the contract: that’s when vendors are most willing to allow you to conduct a technical and administrative assessment of their security. Be sure, he advises, to ask to see their SOC 2 report.
On an ongoing basis do an assessment at least once a year, more frequently for higher risk entities.
And always look at issues such as:
* If the third party has downstream business associates, are they located in the US or in countries with different data rules?
* Are their employees accessing the data remotely?
* What controls are in place if an employee is terminated?
Listen in to learn more about which third parties hold the most and least risk, and what you can do about it.
View all episodes
By SCCE
4.8
3434 ratings
Post By: Adam Turteltaub
With healthcare relying so heavily on vendors to manage data the risks of a breach are enormous. According to Gerry Blass, President and CEO of ComplyAssistant, a recent survey found that 63% of cyberattacks were through third parties.
In this podcast he provides insight into how to assess and manage the risk of breaches through business associates. To best manage the risk, it’s best to begin before signing the contract: that’s when vendors are most willing to allow you to conduct a technical and administrative assessment of their security. Be sure, he advises, to ask to see their SOC 2 report.
On an ongoing basis do an assessment at least once a year, more frequently for higher risk entities.
And always look at issues such as:
* If the third party has downstream business associates, are they located in the US or in countries with different data rules?
* Are their employees accessing the data remotely?
* What controls are in place if an employee is terminated?
Listen in to learn more about which third parties hold the most and least risk, and what you can do about it.
More shows like Compliance Perspectives
View all
Brian Windhorst & The Hoop Collective
3,901 Listeners
Affaires étrangères
126 Listeners
The Daily
112,032 Listeners
The Mel Robbins Podcast
19,641 Listeners
Cold Blooded: Mystery in Alaska
1,463 Listeners