A man walks past the University of Vermont health network building

UVHN balances innovation and cybersecurity

PL Staff

How The University of Vermont Health Network makes sure the innovation opportunities that new technology brings are executed safely, mitigating new risks effectively.

Image: Bob LoCicero / Shutterstock

University of Vermont Health Network has used technology to transform the way its services are delivered over recent years, carrying out a number of innovative opportunities to improve patient experience as well as the experiences of its employees. But with new technology, comes risk – and the regional medical group has taken an innovative approach to mitigating that risk.

Staying alert: Establishing cybersecurity awareness

With the rapid growth of connected devices and healthcare data, the importance of cybersecurity has surged for the company. It needed to make sure threats from all angles were covered – and that meant making sure the whole company was on alert.

Building awareness and alignment on cybersecurity required the supply chain team to be integrated into the workflow of IT. This involved ensuring strong procurement practices were built into IT processes, and that procurement activities accounted for cybersecurity at each stage of the process. This means that cybersecurity is central to developing market assessments, and aligning technical requirements with third-party agreements.

Several steps were taken to make this possible:

  • Physically relocating procurement to sit more closely to IT to encourage collaboration and knowledge sharing.
  • Embedding a full-time procurement employee into IT itself so that procurement resources were available on an ongoing basis.
  • Creating virtual groups to work on joint initiatives while staff were working from home during the coronavirus pandemic.

To embed cybersecurity into supplier management, the supply chain leadership team have elevated the cybersecurity criteria in both supplier selection and supplier performance management. A technical standards review board assesses data during the tendering stage and sets a level of importance for cybersecurity criteria. Then third-party decision support companies are used to provide insight into whether a vendor aligns with the resulting security requirements.

Contributing to business continuity planning and disaster recovery

Procurement also worked with the CISO in contributing to the business continuity plan, making sure there is a plan was in place in the event of disruptions, like security breaches or service outages, so that the supply chain doesn’t not grind to a halt. Reports are now carried out after all cyber incidents, assessing alignment between teams, the role of third parties and performance of processes. These are key to identifying weaknesses in existing processes and finding areas for improvement.

Has it worked?

Yes. These initiatives have aligned procurement more closely with IT, as well as led to stronger relationships with key suppliers. Not only this – the alignment between procurement and cybersecurity activities at UVHN is directly leading to better patient outcomes, keeping personal data safe and ensuring the organisation is in a strong position to react to emerging threats.

Hear more from Charles Miceli, Vice President Network Chief Supply Chain Officer of the University of Vermont Health Network, on how their procurement team approaches innovation projects:

The gift that keeps giving: How innovative thinking led to the creation of a stakeholder engagement app, Neptune, and how it’s improved processes >>

Providing the proof: How UVHN’s procurement team evidences revenue contribution for innovation project >>

All about timing: How and when to leverage the connections and innovative ideas that emerge from being part of a community like Procurement Leaders >>

Get your own lite version of the recent report: Procurement as a growth engine partnered by Ivalua here to find out more on how teams are contributing to the top line through innovation.

More insights

Scroll to Top