Third-Party Risk Considerations During COVID-19 Crisis

As healthcare organizations navigate the COVID-19 crisis, they should take critical steps to improve their security posture and third-party security risk governance, says consultant Brenda Ferraro, the former CISO at Meritain Health, an Aetna subsidiary.

“You need to start thinking about the different security controls that are important for the way we are living today,” says Ferraro, who now serves as a vice president at risk management firm Prevelant.

That means keeping in mind the surge in employees – including those at third-party providers – who now work from home, she says in an interview with Information Security Media Group. “You have to now step up your game in how you are protecting the network. … Are you putting controls on certain ways that information is coming in and going out of your network based on all of these work-at-home environments?”

All work platforms in all locations that handle sensitive information “need to have key security controls implemented in an effort to make sure we’re not weak and vulnerable based on the new way of working,” she adds.

In the interview (see audio link below photo), Ferraro also discusses:

Ferraro is a vice president at risk management firm Prevelant. She previously led a number of organizations through control standardization, incident response, process improvements, data-based reporting and governance issues, including as CISO of Meritain, a subsidiary of Aetna that provides third-party administrator services. She also worked at Coventry, Arrowhead Healthcare Centers and PayPal/eBay.

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips