HSCC releases guide on third-party AI risk, supply chain transparency

The Health Sector Coordinating Council's Cybersecurity Working Group has released a guide on third-party artificial intelligence risk and AI supply chain transparency. The guide includes best practices on AI-driven supply chains for health care, including data lineage tracking, model auditability, embedded third-party dependencies and post-deployment monitoring. The best practices are intended to align with frameworks such as the National Institute of Standards and Technology AI Risk Management Framework. The guide also addresses growing gaps in discovery and disclosure processes that make it challenging to manage AI supply chain risk.

"This guide offers practical, step-by-step guidance for health care organizations to identify existing and evolving instances of AI within their technology supply chains," said John Riggi, AHA national advisor for cybersecurity and risk. "It offers effective strategies to mitigate related cyber and privacy risks, from procurement to deployment. This is especially important as insecure third-party technology, service providers and the supply chain continue to be the primary sources of cyber risk exposure and data breaches in health care."

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.