New SaaS offering provides comprehensive automation for healthcare organizations struggling with arduous, high-stakes risk incurred by third-party vendors.
RESTON, VA, March 15, 2023 – Reston, VA – In advance of the 2023 ViVE digital health event in Nashville, Intraprise Health, a leading healthcare cybersecurity company, announced the release of their comprehensive BluePrint Protect™ Third-Party Risk Management (TPRM) platform. This development adds a critical defense mechanism to the healthcare industry, as estimates indicate that as many as 60 percent of breaches and security events are the direct result of third-party vendor vulnerabilities.
BluePrint Protect TPRM alleviates the struggles faced by healthcare organizations as they grapple with the challenge of cyber threats introduced by mission-critical third-party applications – often with time consuming, error-prone manual methods. It is not uncommon for a medium-sized health system to utilize over 300 third party applications, with varied levels of risk and access to vulnerable protected health information (PHI). The cost of manually assessing and tabulating the results and remediation plan are so daunting that many organizations simply cannot manage the risk and rely on Cyber Insurance for catastrophic damage recovery.
The platform prioritizes best-in-class automation, streamlined workflows, and optimized analytics adhering to NIST standards.
“Clients constantly tell us that the burden of communicating with vendors and the required follow up to complete the assessments is a draining effort,” said Tim Denis, Chief Product Officer at Intraprise Health. “For that reason, we designed the [BluePrint Protect] system to automatically notify vendors of the outstanding information required and provide an easy conversation history to reduce the effort of all participants in the process.”
The SaaS-based TPRM solution provides automated outreach of tailored security questionnaires to specific third-party application vendors that are sent, tracked, and managed through the system as the security information is collected. The system records the collaboration between the vendor and health system security team so that all information exchanged is available as part of the security record. BluePrint TPRM then displays a comprehensive, portfolio view of key analytics including risk level, assessment status, prioritized remediation, and progress. Furthermore, the system allows customization of assessments that fit the risk-level and potential negative impact on the security environment which fits the needs of security teams compared to a “one-size fits all” strategy of fixed assessment types.
As a leading product and cybersecurity consulting company, Intraprise Health can also provide its security staff to perform the vendor assessments alongside its clients. The combination of manage-service and self-service helps organizations balance needed workloads with cybersecurity staffing availability and resource constraints.
BluePrint TPRM highlights include:
- Visibility to the entire portfolio of third-party systems as an integral component of enterprise risks, easing your audit woes and ensuring you have an accurate understanding of risk posture
- Tiered assessments based on priority, potential risk level, and type of technology or hosting location to mitigate the most urgent threats first
- Standardized and streamlined vendor selection processes, managing risk effectively to keep projects on track and on time
- Risk interoperability – normalized, validated risk data shared across a community of users for consistent vendor management at scale
- Health tech, IoT and medical device vendor assessments in a single platform, mapped to industry standards to ensure adherence to compliance frameworks (HIPAA, NIST, MDS-2)
For more information on Intraprise Health’s market-leading third-party risk management solution and flagship Integrated Risk Management, go to intraprisehealth.com.
About Intraprise Health
Intraprise Health, healthcare’s leading compliance and cybersecurity organization, provides holistic visualization of your compliance and security posture. Their comprehensive services, backed by automation, rapidly integrate in native environments, yielding a comprehensive view of risk – spanning adherence to compliance frameworks, cybersecurity vulnerabilities, and third-party risk. Eliminate blind spots with Intraprise – the fifth HITRUST assessor since 2011.