Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year
The inability to adequately assess and understand the risks that vendors pose is becoming incredibly costly to healthcare providers, according to a report released today by Censinet and the Ponemon Institute. According to the research, the yearly hidden costs of managing vendor risk is $3.8 million per healthcare provider, far surpassing the $2.9 million that each data breach costs providers. The cost across the healthcare industry is $23.7 billion per year. The research also indicates that 56 percent of healthcare organizations have experienced a data breach introduced by one or more third-party vendors in the last two years.
The report, “The Economic Impact of Third-Party Risk Management in Healthcare,” found that 72 percent of respondents believe the increasing reliance upon third-party medical devices connected to the internet is risky, and 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure. Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities, while 63 percent believe they cannot keep pace with the proliferation of digital applications and devices. Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation has created an environment where third-party breaches are commonplace and expensive.