Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year

Censinet was founded on the promise of improving third-party risk management processes for healthcare providers – procedures that are constantly failing both systems and patients. As a society, we have not only lacked the ability to adequately assess and understand the risks that third-party vendors pose; managing those risks has also become an incredibly costly burden to healthcare providers, largely due to manual processes that create vast hidden costs and the increased proliferation of cloud applications and connected medical devices.

To understand the magnitude of the issue, Censinet and the Ponemon Institute teamed up to conduct a survey of 554 healthcare IT and security professionals who are involved in managing their organizations’ third-party healthcare vendor risk management programs and, as expected, the results were disconcerting. Among other data, the study shows a gap of 2.5 times between what third-party vendors budget and what is actually required to help them keep pace with the growth of cyber threats and vulnerabilities.

Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation have created an environment where third-party vendor breaches are commonplace and expensive. Findings of particular interest include:

  • 72 percent of respondents believe the increasing reliance upon third-party medical devices connected to the internet is risky
  • 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure
  • Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities
  • 63 percent believe they cannot keep pace with the proliferation of digital applications and devices

The research also uncovered that there are significant, additional hidden costs associated with data breaches – including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers – which increase that number by 10x to 5,040 hours per month that healthcare providers spend managing third-party vendor risk. All told, that amounts to nearly $4 million per year per healthcare provider spent on third-party risk management solutions, at a total cost of almost $24 billion across the industry.

For those interested in a closer look at the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and I present the research data and discuss vendor risk management best practices for healthcare providers in our on-demand webinar, The Economic Impact of Third-Party Risk Management in Healthcare: Ponemon Research.

For more information or to download the full report please visit:
