Working with Third Parties to Decrease Risks: Q&A with Lee Barrett from EHNAC
Target. Delta Airlines. MyFitnessPal. MyHeritage. Applebee's. Very different types of businesses, but they do have one thing in common: all were victims of a data breach that had its roots in a third-party vendor.
When working with third-party vendors, security must be a shared effort. And it isn't just your direct vendor contact that you have to worry about; a vulnerability in a vendor's vendor could end up causing you a lot of headaches, because one thing we know is that it is the big-name enterprise that takes the greatest fall when a third party's security is weak.
How do you best ensure that security is a shared effort and that your vendors are doing an above-adequate job of meeting not only basic security levels but also the compliance requirements and regulations dictated by government and industry standards? I had the chance to interview Lee Barrett, executive director of EHNAC, a federally recognized standards development organization and accreditation body for health care organizations. EHNAC works directly with third-party vendors all across health care to ensure the companies are meeting industry standards for business processes, privacy and security, regulatory compliance, etc., so that the companies that work with those vendors can trust them to handle their data to the highest level.
To read the full article, visit IT Business Edge.