HSCC Releases Guide on AI Supply Chain Risks in Healthcare

Severity: Medium (Score: 42.9)

Sources: Techinformed, www.aha.org

Summary

The Health Sector Coordinating Council's Cybersecurity Working Group has published a guide addressing third-party artificial intelligence risks and supply chain transparency for healthcare organizations. This guide outlines best practices for managing AI-driven supply chains, focusing on data lineage tracking, model auditability, and post-deployment monitoring. It aims to align with the National Institute of Standards and Technology's AI Risk Management Framework and addresses gaps in discovery and disclosure processes that complicate AI supply chain risk management. John Riggi from AHA emphasized the importance of this guide in mitigating cyber and privacy risks associated with third-party technology providers. The guide follows a workstream previewed in November 2025 and highlights the significant exposure of healthcare organizations to ransomware incidents involving business associates. The guide provides practical strategies for procurement, vendor vetting, and monitoring to enhance cybersecurity in healthcare. Key Points: • HSCC's guide focuses on managing AI supply chain risks in healthcare. • Best practices include data lineage tracking and model auditability. • Healthcare organizations face significant ransomware risks from third-party vendors.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• MMG Fusion (company)
• aha.org (domain)
• Healthcare (industry)