1 00:00:00,050 --> 00:00:00,590 Case study. 2 00:00:00,590 --> 00:00:06,800 Managing third-party risks: lessons from MedTech Solutions' collapse. The collapse of a prominent AI 3 00:00:06,830 --> 00:00:12,620 based healthcare provider, MedTech Solutions, due to a data breach at one of their third-party vendors, 4 00:00:12,620 --> 00:00:18,410 serves as a stark reminder of the importance of managing third-party risks in AI deployments. 5 00:00:19,220 --> 00:00:25,220 MedTech Solutions had been a pioneer in utilizing AI to predict patient needs and streamline healthcare 6 00:00:25,220 --> 00:00:27,470 services across multiple regions. 7 00:00:27,890 --> 00:00:33,320 The company collaborated with several third-party entities, including cloud service providers, data 8 00:00:33,320 --> 00:00:38,630 vendors, and software integration partners to build and maintain their AI systems. 9 00:00:39,050 --> 00:00:45,140 However, their reliance on external parties introduced significant risks that were not adequately managed, 10 00:00:45,140 --> 00:00:47,360 leading to a catastrophic failure. 11 00:00:48,470 --> 00:00:53,000 One of the critical risks MedTech Solutions encountered was data security. 12 00:00:53,360 --> 00:00:59,720 Their AI system required access to vast amounts of sensitive patient data, which was sourced and processed 13 00:00:59,720 --> 00:01:01,350 by third-party vendors. 14 00:01:01,530 --> 00:01:07,320 Unfortunately, one of these vendors suffered a data breach, exposing confidential patient information. 15 00:01:07,920 --> 00:01:14,100 This incident led to severe financial losses and irreparable reputational damage for MedTech Solutions. 16 00:01:14,580 --> 00:01:17,610 How could MedTech Solutions have prevented this breach? 17 00:01:17,730 --> 00:01:23,010 The answer lies in rigorous vetting and continuous monitoring of third-party entities.
18 00:01:23,310 --> 00:01:28,980 By implementing stringent data security standards and regular audits, MedTech Solutions could have 19 00:01:28,980 --> 00:01:35,190 ensured that their vendors adhered to robust security protocols, mitigating the risk of such breaches. 20 00:01:36,660 --> 00:01:42,540 Another significant challenge faced by MedTech Solutions was compliance with regulatory requirements. 21 00:01:42,840 --> 00:01:48,840 As they operated across multiple regions, they had to navigate a complex web of data protection laws 22 00:01:48,840 --> 00:01:50,130 and regulations. 23 00:01:50,460 --> 00:01:55,380 One of their third-party vendors failed to comply with the European Union's General Data Protection 24 00:01:55,380 --> 00:01:59,040 Regulation, leading to hefty fines for MedTech Solutions. 25 00:02:00,230 --> 00:02:04,100 What steps could MedTech Solutions have taken to ensure compliance? 26 00:02:04,130 --> 00:02:08,390 Robust contractual agreements and regular compliance audits were essential. 27 00:02:08,870 --> 00:02:13,820 By clearly defining compliance obligations in contracts and conducting periodic audits, 28 00:02:13,850 --> 00:02:18,950 MedTech Solutions could have proactively identified and addressed compliance breaches. 29 00:02:20,720 --> 00:02:25,130 Operational continuity was another area where MedTech Solutions struggled. 30 00:02:25,370 --> 00:02:30,170 They relied heavily on a third-party cloud service provider to host their AI system. 31 00:02:30,560 --> 00:02:36,260 However, frequent downtimes experienced by this provider disrupted the functionality of MedTech's AI 32 00:02:36,260 --> 00:02:40,820 applications, causing operational inefficiencies and financial losses. 33 00:02:41,420 --> 00:02:46,760 What measures could MedTech Solutions have implemented to safeguard operational continuity?
34 00:02:47,360 --> 00:02:53,810 Establishing clear service-level agreements with defined service standards and penalties for non-compliance 35 00:02:53,810 --> 00:02:55,130 would have been crucial. 36 00:02:55,850 --> 00:03:01,070 Additionally, developing contingency plans and identifying alternative service providers would have 37 00:03:01,070 --> 00:03:05,030 ensured minimal disruption in case of third-party service failures. 38 00:03:07,010 --> 00:03:12,500 Ethical considerations in AI deployment also posed a significant risk for MedTech Solutions. 39 00:03:12,500 --> 00:03:18,260 Their AI model, used to predict patient needs, exhibited racial bias due to biased data from third 40 00:03:18,260 --> 00:03:19,280 party sources. 41 00:03:19,310 --> 00:03:25,640 This led to unfair and discriminatory outcomes, undermining the ethical integrity of their AI system. 42 00:03:25,940 --> 00:03:29,210 How could MedTech Solutions have addressed these ethical concerns? 43 00:03:30,230 --> 00:03:36,140 Implementing thorough validation processes to detect and mitigate biases introduced by third-party data 44 00:03:36,140 --> 00:03:37,160 was necessary. 45 00:03:37,490 --> 00:03:42,590 Techniques such as fairness-aware machine learning and regular audits of data sources and pre-processing 46 00:03:42,590 --> 00:03:47,690 methods could have helped identify and correct biases, ensuring ethical AI deployment. 47 00:03:50,420 --> 00:03:54,980 Intellectual property risks were another area of concern for MedTech Solutions. 48 00:03:55,550 --> 00:04:00,640 Their AI system incorporated proprietary algorithms and technologies that needed protection 49 00:04:00,640 --> 00:04:03,130 against unauthorized use or theft. 50 00:04:03,850 --> 00:04:09,850 Engaging with third parties without clear IP agreements posed a significant risk of IP theft, leading 51 00:04:09,880 --> 00:04:12,640 to competitive disadvantages and legal disputes.
52 00:04:12,940 --> 00:04:16,630 What steps could MedTech Solutions have taken to protect their IP? 53 00:04:16,930 --> 00:04:23,170 Clear IP agreements delineating ownership and usage rights of developed technology were essential. By 54 00:04:23,170 --> 00:04:27,040 ensuring that third parties had robust IP protection measures in place, 55 00:04:27,070 --> 00:04:30,640 MedTech Solutions could have mitigated the risk of IP theft. 56 00:04:32,500 --> 00:04:38,440 Interoperability and integration testing were critical for the seamless operation of MedTech's AI system. 57 00:04:39,010 --> 00:04:44,800 However, they faced significant challenges in integrating third-party software and services, leading 58 00:04:44,830 --> 00:04:47,650 to system failures and degraded performance. 59 00:04:48,400 --> 00:04:52,330 How could MedTech Solutions have ensured robust interoperability? 60 00:04:52,960 --> 00:04:58,370 Comprehensive testing protocols to validate that all third-party components functioned correctly within 61 00:04:58,370 --> 00:05:04,880 the AI ecosystem were vital. Joint testing efforts with third parties and the use of standardized integration 62 00:05:04,880 --> 00:05:10,520 frameworks could have ensured smooth operation and prevented integration issues. 63 00:05:11,780 --> 00:05:17,720 Continuous monitoring and performance assessment of third-party entities were essential for effective 64 00:05:17,720 --> 00:05:18,860 risk management. 65 00:05:19,370 --> 00:05:25,340 However, MedTech Solutions lacked a robust monitoring system, leading to undetected anomalies and 66 00:05:25,340 --> 00:05:26,660 potential risks. 67 00:05:27,470 --> 00:05:31,730 What tools could MedTech Solutions have employed for continuous monitoring? 68 00:05:32,240 --> 00:05:37,490 Automated monitoring tools such as security information and event management systems could have provided 69 00:05:37,490 --> 00:05:40,370 continuous oversight of third-party activities,
70 00:05:40,400 --> 00:05:46,310 ensuring prompt identification and corrective actions for any deviations from expected behavior. 71 00:05:47,720 --> 00:05:53,630 Effective communication and collaboration with third-party entities were pivotal for managing risks. 72 00:05:54,050 --> 00:06:00,030 However, MedTech Solutions struggled with establishing transparent communication channels, leading 73 00:06:00,060 --> 00:06:03,900 to delayed issue resolution and operational inefficiencies. 74 00:06:04,830 --> 00:06:08,940 How could MedTech Solutions have fostered better communication with third parties? 75 00:06:09,720 --> 00:06:15,120 Establishing regular meetings and updates, along with transparent communication channels, would have 76 00:06:15,120 --> 00:06:17,400 fostered a collaborative relationship. 77 00:06:18,360 --> 00:06:23,880 Proactive risk management and continuous improvement of third-party practices could have been achieved 78 00:06:23,880 --> 00:06:25,650 through effective communication. 79 00:06:27,600 --> 00:06:33,900 Lastly, fostering a culture of risk awareness and accountability within MedTech Solutions was crucial. 80 00:06:34,500 --> 00:06:40,440 However, employees and stakeholders involved in managing third-party relationships were not adequately 81 00:06:40,440 --> 00:06:43,500 trained in risk management principles and practices. 82 00:06:44,100 --> 00:06:48,030 How could MedTech Solutions have enhanced risk awareness and accountability? 83 00:06:48,510 --> 00:06:54,510 Providing regular training and resources to employees and stakeholders could have enhanced their ability 84 00:06:54,510 --> 00:07:01,150 to identify and mitigate third-party risks effectively. Establishing clear accountability structures, 85 00:07:01,150 --> 00:07:06,610 ensuring individuals responsible for third-party management were held accountable for their performance, 86 00:07:06,640 --> 00:07:07,990 would have been essential.
87 00:07:10,540 --> 00:07:16,330 In conclusion, the collapse of MedTech Solutions underscores the importance of managing third-party 88 00:07:16,330 --> 00:07:23,260 risks in AI deployments. By addressing data security, regulatory compliance, operational continuity, 89 00:07:23,260 --> 00:07:29,230 ethical considerations, intellectual property protection, interoperability, and performance assessment, 90 00:07:29,230 --> 00:07:33,820 organizations can mitigate the risks associated with third-party involvement. 91 00:07:34,210 --> 00:07:39,850 Implementing these strategies not only safeguards the AI system's integrity and performance, but also 92 00:07:39,850 --> 00:07:44,020 ensures compliance with regulatory standards and ethical principles. 93 00:07:44,920 --> 00:07:51,160 Effective third-party risk management is thus an integral component of AI governance that underpins 94 00:07:51,160 --> 00:07:54,910 the successful and sustainable deployment of AI systems.