Censinet Advances Third-Party Risk Management in Healthcare
Post Summary
New capabilities in Continuous Monitoring, Controls Validation, and Vendor Lifecycle Workflows to eliminate risks to patient data and safety.
Continuous Monitoring provides an ‘outside-in’ security rating of third-party vendors, analyzing risks across 10 categories like email security, patch management, and compromised credentials.
MDS2 2019: Supports medical device vendors with updated security disclosures. Mobile Applications: Covers apps and APIs for secure access to electronic health information. Healthcare-Specific Use Cases: Includes assessments for Covered Entities, affiliated physicians, and secure software development lifecycles.
Automatically updates risk assessments based on changes in technology, threats, and regulations, ensuring compliance with frameworks like NIST.
They reduce the time and cost of risk assessments, improve compliance, and enable faster adoption of emerging technologies like IoT and mobile apps.
Visit Censinet’s website for more information on mitigating third-party risks.
New Innovations in Continuous Monitoring, Curated Content, and Vendor Lifecycle Workflows Deliver the Healthcare Industry’s Most Comprehensive Platform for Eliminating Risk to Patient Data and Safety
BOSTON, MA – March 30, 2020 – Censinet, the leading collaborative risk network for healthcare organizations (HCOs), today announced new products and capabilities across three strategic areas – Continuous Monitoring, Controls Validation, and Vendor Lifecycle Workflows. These innovations advance Censinet’s mission to reduce risk to patient data and safety, and accelerate compliance across an HCO’s supply chain of third-party vendors.
“Healthcare organizations demand faster, higher-quality and more complete risk assessments across their supply chain. It drives our vision of ‘taking the risk out of healthcare’ and delivering unique capabilities such as One-Click AssessmentsTM,” said Ed Gaudet, CEO and founder of Censinet. “This announcement builds on our mission to be the trusted network for risk management in healthcare, helping CIOs and CISOs eliminate risks to patient data, safety, and quality care delivery.”
Third-Party Risk Management Innovations
With this announcement, Censinet continues to challenge the status quo, enabling HCOs to move beyond traditional approaches to data risk awareness. Censinet saves HCOs significant time and costs, and increases productivity of IT, security, and risk teams, all while enabling clinicians and business leaders to rapidly adopt new technologies. By dramatically streamlining the assessment process, the need for HCOs to prioritize risk evaluations and leave some areas unexamined becomes obsolete.
New Continuous Monitoring Capabilities
Continuous monitoring delivers security ratings of a third-party vendor’s organizational risk posture with a comprehensive ‘outside-in view of an organization’s security risk. Censinet Continuous Monitoring complements its industry-leading vendor and product risk assessments through comprehensive questionnaires and critical supporting evidence.
The new capabilities gather data from a variety of public and private sources, analyze it, and deliver a risk rating across 10 categories: digital footprint, patch management, DNS health, email security, IP/domain reputation, compromised credentials, fraudulent domains, web security, information disclosure, and web ranking. Censinet rates third-party risks and assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and quantifies probable financial impact to communicate risks in business terms.
New Risk Assessments and Curated Content Automation
Censinet vendor risk assessments provide 100% compliance to NIST CSF 1.1. However, rapid adoption by clinicians of emerging technologies, such as new cloud-based and mobile applications, medical devices, and other innovations such as blockchain, artificial intelligence (AI) and machine learning, is a key challenge today for HCOs. Censinet automatically monitors and curates risk from changes to the technology landscape, threat environments, regulatory updates, and standard industry frameworks such as NIST. This unique Censinet risk curation expertise provides updates to risk every quarter or on-demand as needed.
All Censinet questionnaires are versioned with full history and audit trails. Standard risk questionnaires cover thousands of clinical, business, and operational applications whether in the cloud, on-premises, or hybrid, plus hardware devices and appliances, and other connected internet of things (IoT) devices. With today’s announcement, Censinet introduces the following new risk assessment types:
- MDS2 2019: The Medical Imaging & Technology Alliance (MITA) published NEMA/MITA HN 1-2019, Manufacturer Disclosure Statement for Medical Device Security (MDS2), which provides standardized information on security control features integrated within medical devices. To support security risk management through voluntary standard, Censinet now allows medical device vendors to upload their MDS2 2019 with guidance or continue to share their MDS2 2013.
- Mobile Applications: A recently proposed rule by the Office of the National Coordinator for Health IT (ONC) requires healthcare providers to adopt standardized APIs to help application developers give individuals easier and more secure access to their electronic health information via smartphones and other mobile devices. Censinet now provides risk assessment questionnaires that cover these types of applications and technologies.
- Healthcare-specific Use Cases: Censinet provides risk assessments unique to healthcare providers. These risk assessments include information exchanged between Covered Entities, affiliated physicians, ambulatory or other practices, and the secure software development lifecycle (SSDLC) for internally-developed clinical and business applications.
“Most industry frameworks take a year or longer to update risk content,” said Steve McGee, Chief Information Security Officer at Censinet. “Censinet is committed to fast and complete risk assessments based on current technologies, changes to regulations and real-time threat monitoring intelligence. Censinet Curation Services enhance healthcare provider’s clarity around risk introduced by their supply chain, as well as reduce compliance burdens.”
For more information on Censinet and how it is helping healthcare providers mitigate third-party risk, please visit: https://censinet.com/for-health-care-organizations/
About Censinet
Censinet provides the first and only third-party risk management platform built by and for healthcare organizations to manage the data threats that exist within an expanding ecosystem of vendors. With its unique Censinet One-click AssessmentTM capabilities and Digital Vendor CatalogTM, the Censinet Platform reduces the time to assess vendor risk from weeks to seconds, while automating inefficient workflows and providing continuous real-time insights into the changing risk profile of each vendor. Censinet is based in Boston, MA and can be found at https://censinet.com/.
Contacts
Nicole Rosenberg
fama PR for Censinet
(617) 986-5052
censinet@famapr.com
###
Key Points:
What is the focus of Censinet’s new innovations?
- Censinet has introduced new capabilities in three strategic areas: Continuous Monitoring, Controls Validation, and Vendor Lifecycle Workflows.
- These innovations aim to eliminate risks to patient data and safety, while accelerating compliance across healthcare organizations’ supply chains.
What is Continuous Monitoring, and how does it improve risk management?
- Continuous Monitoring provides an ‘outside-in’ security rating of third-party vendors, offering a comprehensive view of their organizational risk posture.
- It gathers data from public and private sources to analyze vendor risk across 10 categories, including:
- Digital footprint
- Patch management
- Email security
- Compromised credentials
- IP/domain reputation
- Web security and others.
- Vendors are assigned letter grades, and risks are correlated with industry standards like NIST, helping healthcare organizations understand compliance requirements and financial impact.
How does Censinet’s curated content automation enhance risk assessments?
- Censinet continuously monitors and updates risk assessments to reflect:
- Changes in the technology landscape.
- Threat environments.
- Regulatory updates, such as NIST and other industry frameworks.
- Risk assessments are versioned with full history and audit trails, ensuring accurate and up-to-date compliance.
What new types of risk assessments are being introduced?
Censinet has added risk assessment types that address key healthcare challenges:
- MDS2 2019: Supports medical device vendors by allowing them to upload Manufacturer Disclosure Statements for Medical Device Security 2019 or 2013, ensuring compliance with MITA standards.
- Mobile Applications: Covers mobile apps and APIs required by the ONC for secure access to electronic health information.
- Healthcare-Specific Use Cases: Provides unique assessments for Covered Entities, affiliated physicians, and secure software development lifecycles (SSDLC) for clinical and business applications.
How do these innovations benefit healthcare organizations?
- Faster and more complete risk assessments that reduce the time and costs associated with traditional risk evaluations.
- Improved clarity and visibility into risks posed by third-party vendors throughout the supply chain.
- Enhanced compliance efforts with automated updates reflecting real-time threats and regulatory changes.
- Streamlined adoption of new technologies, such as mobile apps, medical devices, and IoT solutions.
Why are these advancements critical for healthcare organizations?
- The rapid adoption of emerging technologies introduces new risks to patient data and safety.
- Traditional risk assessment frameworks take longer to update, leaving critical gaps in compliance and threat awareness.
- Censinet addresses these gaps by providing real-time insights and faster updates, enabling healthcare providers to remain agile and proactive.
Where can healthcare organizations learn more about these innovations?
- Visit Censinet’s website for more information on mitigating third-party risks and leveraging these new capabilities.
