3rd Party Risk Management , Governance & Risk Management , Healthcare

Third-Party Risk Management: A New Model for Healthcare

ProcessUnity's Hasert on Adapting to Modern Needs in Third-Party Risk Management
Shane Hasert, director of threat research and cybersecurity standards, ProcessUnity

Healthcare organizations are increasingly moving away from outdated methods, endless spreadsheets and repetitive requests in favor of more modern, efficient approaches, said Shane Hasert, director of threat research and cyber security standards at ProcessUnity. Hasert described the current state of third-party risk management as "promising" and "a little bit more in with the times."

See Also: Live Webinar | Building a More Resilient Healthcare Enterprise and Ecosystem

Although many firms have implemented initial onboarding processes for third-party vendors, ongoing monitoring is "one of the bigger problems right now." Hasert recommended an innovative model that supports third parties and customers by sharing data efficiently. The new model focuses on continuous monitoring, effective threat intelligence and AI-powered automation in helping streamline processes and enhance security.

"A lot of organizations don't engage threat intelligence or use active threat monitoring, and they don't realize until after a breach has occurred that they should have been watching this vendor," he said. "The new model is to help the third parties and the customers. The customers need the data and the third parties need to do something once and be able to share it with many." This approach reduces assessment fatigue and enables organizations to focus on high-risk vendors.

In this video interview with Information Security Media Group at the 2024 Healthcare Cybersecurity Summit, Hasert also discussed:

  • Overcoming challenges in third-party risk management;
  • The need to shift from traditional assessment methods to innovative models that reduce assessment fatigue;
  • The role of AI in enhancing third-party risk management.

Hasert has nearly 30 years of experience in risk identification and mitigation, audit process improvement, and client-focused consulting. Prior to ProcessUnity, he worked at CyberGRX, Randian and Shared Assessments.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.