The Alliance Uses Bitsight Vendor Risk Management to Mitigate Third-Party Risks
Program automation and reliable cybersecurity data helped The Alliance improve how they managed vendor relationships while meeting regulatory requirements.
Program automation and reliable cybersecurity data helped The Alliance improve how they managed vendor relationships while meeting regulatory requirements.
As a trusted provider of affordable health care services for lower-income residents in their region, Alameda Alliance for Health (The Alliance) faces pressure to manage business risk efficiently in order to provide quality care for their members. Having experienced difficulty managing third-party vulnerabilities and resulting data breaches in the past, The Alliance knew they needed technology that would seamlessly integrate with their current programs to efficiently and proactively manage vendor risk.
Like all healthcare organizations, The Alliance faces regulatory pressure to properly manage member data and proactively manage cybersecurity vulnerabilities internally, and within their large third-party ecosystem.
“We needed a system that had both vendor evaluation and overall management technology, all in one system,” says Elizabeth Olson Lennon, Director of Vendor Management at The Alliance. They found what they needed in a vendor risk management solution with Bitsight.
With Bitsight Vendor Risk Management, The Alliance is able to conduct the entire vendor assessment and management process in one centralized location, improving efficiency across their vendor risk management program.
“We save hundreds of hours annually by using Bitsight. We’ve integrated Bitsight Vendor Risk Management into our onboarding and evaluation process, and it’s helped us identify the actual risk level associated with vendors.”
Before The Alliance was a Bitsight customer, they experienced a cyber attack targeting employee data. Their third-party risk team discovered the breach, and after remediating the damage realized they needed a consistent view over their entire footprint. They reached out to Bitsight and other entities offering other tools in the marketplace. The Alliance was struggling with blind spots in their large pools of data, making determining exposure points unclear and communicating risk exposure across the business difficult. The Alliance selected Bitsight because of the clear methodology, ease of use, and easy integration with other services.
“With all the healthcare regulations, we were focused on our member’s data, but not employee data. We needed to be able to demonstrate to our members, and the regulators, that we know what our risks are,” says Olson Lennon. With Bitsight’s third-party risk and performance monitoring technology, The Alliance is able to confidently manage the unknowns with better access to third-party vendor data. Instead of focusing on previous assumptions about where bad actors would target, their third-party risk team has visibility into their entire network of connected vendors and concentrated risk. With better insight into their entire footprint, The Alliance’s third-party risk team discovered concentrated risk in some of their bigger, more established vendors they presumed to have more secure programs.
The Alliance has strengthened their vendor partnerships using Bitsight’s collaborative tools and technology for proactive remediation. “We’ve been able to alert our vendors of problems before they happen, so they’re aware of the issue before it costs them, and us,” says Olsen Lennon.
Reaching out to their vendors through Bitsight gives The Alliance the ability to assess vendor risk points using the same view of network data, facilitating collaboration and quick remediation. “We save hundreds of hours annually by using Bitsight.”
Healthcare regulatory requirements mean some documents need to be stored and available for up to ten years, which can be difficult without the right organizational tools. Bitsight Vendor Risk Management allows The Alliance to keep historical records of vendor assessment for easy, standard performance tracking over time, fostering trust between the organization and regulators. “Bitsight has been integral in keeping us organized during auditing periods, and when working through regulatory evaluations,” said Olsen Lennon.