Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year

healthcare costs

Censinet was founded on the promise of improving third-party risk management processes for healthcare providers – procedures that are constantly failing both systems and patients. As a society not only have we lacked the ability to adequately assess and understand the risks that third-party vendors pose, but it has also become an incredibly costly burden to healthcare providers largely due to manual processes that create vast hidden costs as well as the increased proliferation of cloud applications and connected medical devices.

To understand the magnitude of the issue, Censinet and the Ponemon Institute teamed up to conduct a survey of 554 healthcare IT and security professionals who are involved in managing their organizations’ third-party healthcare vendor risk management programs and, as expected, the results were disconcerting. Among other data, the study shows a gap of 2.5 times between what third-party vendors budget versus what is actually required to help them keep pace with the growth of cyber threats and vulnerabilities.

Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation has created an environment where third-party vendor breaches are commonplace and expensive. Findings of particulate interest include:

  • 72 percent of respondents believe the
    increasing reliance upon third-party medical devices connected to the internet
    is risky
  • 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure
  • Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities
  • 63 percent believe they cannot keep pace with the proliferation of digital applications and devices

The research also uncovered that there are significant, additional hidden costs associated with data breaches – including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers – which increase that number by 10x to 5,040 hours per month that healthcare providers spend managing third-party vendor risk. All told, that amounts to nearly $4 million per year per healthcare provider spent on third-party risk management solutions, at a total cost of almost $24 billion across the industry.

For those interested in a closer look at the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and myself present the research data and discuss vendor risk management best practices for healthcare providers in our webinar on demand, The Economic Impact of Third-Party Risk Management in Healthcare: Ponemon Research.

For more information or to download the full report please visit:

More Censinet News

Digital Marketing Manager

Censinet is the leading provider of healthcare IT risk solutions. Censinet RiskOps, our software-as-a-service platform, helps the top healthcare providers in the United States work with their worldwide vendor and supplier community to ensure that health information is protected and continuous... READ MORE
Healthcare Investments Image

Investing in Healthcare Cybersecurity in 2022

As 2021 comes to an end, Healthcare IT leaders begin to prepare and discuss their organization’s investment plans for the upcoming year. As an industry, the increasing number of healthcare data breaches and cyberattacks have (1) highlighted the need for better patient, data, and supply chain... READ MORE

Log4j: Meet the new zero-day, same as the old zero-day

What is the Log4j issue? The Apache Log4j 2 utility is a commonly used service component for logging requests for audit and review purposes. Log4J, written in Java, supports many projects, including multiple cloud services and various open-source and commercial enterprise products.  On December 9,... READ MORE

Discover What You Can Do

Discover What You Can Do

Let's chat about your priorities, what your process is like today, areas that you want to improve, and any gaps you would like to close. Learn More