Ponemon Research Report: Are Risk Assessments Failing to Secure the Third-Party Healthcare Ecosystem?
More than half of all healthcare vendors have experienced a data breach that exposed protected health information (PHI), and it’s a costly problem that points to broken third-party risk assessment processes.
Ponemon Institute surveyed 534 IT and IT security professionals in companies that provide products such as security software, clinical applications, IoT devices and medical devices, or services such as outsourced IT, business consulting and payroll. All companies in this research are required by healthcare providers to conduct risk assessments. According to the findings, these risk assessments are costly and time-consuming and on average become outdated within three months.
Read the research report to find key results including:
- A whopping 54 percent of healthcare vendors have experienced at least one data breach of protected health information belonging to patients of the healthcare providers they serve.
- Of that 54 percent of respondents, 41 percent experienced six or more data breaches over the past two years.
- The average breach costs $2.75 million and exposes nearly 10,000 records.
- Only 36 percent of vendors would immediately notify providers if they confirmed a data breach that involved their PHI.
Healthcare vendors and providers must move from simply checking a box to changing the culture. This is an industry-wide problem and as such Censinet is providing a new, collaborative approach that makes it easy for healthcare vendors and providers to band together and take action, implementing policies, procedures and controls that reduce risk holistically.