Third-Party Risk, Bug Submissions Up for Healthcare

Healthcare providers are finding it increasingly difficult to assess and understand the risks posed by vendors, according to a new report released today by Censinet and the Ponemon Institute.

The report, The Economic Impact of Third-Party Risk Management in Healthcare, surveyed 554 healthcare IT and security professionals and found that these challenges are becoming more costly for healthcare providers, with the yearly hidden costs of managing vendor risk reportedly ringing in at $3.8 million per healthcare provider. On average, each healthcare provider has 1,320 vendors under contract, yet only 36% of respondents said they are able to effectively prioritize vendor risks and only 27% said they assess all of their vendors annually.

That cost from third-party risks is in excess of the $2.9 million that a data breach costs providers; however, the report also stated that over the last two years, 56% of healthcare organizations have experienced a data breach that had been introduced by one or more third-party vendors. As a result, the cost across the healthcare industry is $23.7 billion per year, according to the report. 

“This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management,” said Ed Gaudet, CEO and founder of Censinet. “The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect.”  

“It’s clear that healthcare providers are in a tough spot. The number of vendors they rely on is increasing at the same time the threats those vendors pose are escalating in frequency and severity, so it’s easy to see how managing these risks has become an overwhelming problem,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “But it’s not all bad news – we can very clearly see an opportunity with automation for healthcare providers to monitor, measure and mitigate the scourge of third-party breaches that continues to plague their industry.”

In related news, new research from Bugcrowd, The State of Healthcare Cybersecurity, found that vulnerability submissions in the healthcare industry jumped 340.5% over the past year. “While we see an uptick in submissions in Q2 year-on-year, we are on track to see a steady increase in vulnerability again this year. Across programs run by healthcare organizations, more than 12% of all submissions are classified by the organization as P1 submissions, the most critical vulnerabilities, and the majority of the vulnerability submissions fall in the P3 level of criticality, just over 42%,” a Bugcrowd spokesperson wrote in an email.