
April 2025 Vendor Management News


Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.

Recently Added Articles as of April 3

Third-party risk remains in the spotlight: more breaches exposing the data of thousands of people, proposed new UK legislation, and EU regulations like DORA all point to growing demands for stronger vendor oversight, faster incident reporting, and tighter supply chain security. Catch up on this week’s news below.

Streaming company experiences third-party data breach: A cloud-based streaming company, StreamElements, confirmed a third-party data breach after stolen data was posted on a hacking forum. The company had stopped working with the third party last year, but the vendor still held older customer data, and that retained data was exposed. The hacker claimed to have stolen the data of 210,000 customers, including names, phone numbers, and email addresses. It’s an important reminder that vendor contracts should require the return or verified disposal of sensitive data when the relationship ends.

Related: How to Get Data Back from a Vendor

UK to introduce cyber resilience bill with strict reporting rules and supply chain oversight: The United Kingdom plans to introduce the Cyber Security and Resilience Bill, aiming to enforce stricter incident reporting and faster patching of vulnerabilities across the supply chain. Organizations would need to report significant cyber incidents to the National Cyber Security Centre within 24 hours and submit detailed reports within 72 hours. The bill also seeks to bring managed service providers under regulation and to raise cyber hygiene requirements for entities in the supply chains of essential and digital services.

Third-party software vulnerability causes university breach: A third-party software vulnerability caused a data breach at Lee University in Tennessee. Hackers were able to access and download confidential information. It’s not clear how many people were impacted by the breach.  

Assessing a critical vendor’s security posture: As third-party cyberattacks increase, CISOs need to ask third-party vendors about their overall security program, how they integrate security into development, and whether they manage supply chain risks with a third-party risk management program. These questions help evaluate whether vendors meet organizational security standards. Transparency and alignment are key to protecting shared systems and data. Review documentation that offers insight into the vendor’s overall security program, like SOC 2 reports or other certifications.  

67,000 compromised in healthcare third-party data breach: A third-party data breach at an orthopedic clinic impacted more than 67,000 New Hampshire residents. The breached third-party software is used for patient registration and check-ins. Compromised information includes names, driver’s license numbers, Social Security numbers, and health insurance information.

Importance of third-party compliance with DORA: Third-party ICT providers that serve European Union (EU) financial entities, including providers based in the U.S., fall within the scope of the Digital Operational Resilience Act (DORA). EU financial institutions will look for DORA alignment when selecting a third-party vendor, including its standards on operational resilience, cybersecurity, and third-party risk management. Vendors should audit their systems, review and improve resilience protocols, and prepare for audits to meet DORA’s requirements.
