After a series of data breaches resulting from third-party MOVEit software, industry group Health 3rd Party Trust Initiative is getting together with hospitals to crack down on vendor breaches.
A survey from the group found that 60 percent of covered entities and 72 percent of their vendors believe today's third-party risk management is not effective, according to a July 27 Health3PT news release.
Hospitals are working with Health3PT to identify and implement new tools to minimize third-party risk.
Baltimore-based Johns Hopkins Medicine, Louisville, Ky.-based UofLHealth and Bellaire, Texas-based Harris Health System have all been caught in the MOVEit breach.
"The average cost of a healthcare data breach is around $10 million, including significant judgments that have been recently levied against organizations for violations of HIPAA and PHI privacy rules," John Houston, vice president of information security and privacy at Pittsburgh-based UPMC. "Our experience is that 90 percent of breaches within healthcare involve a third party or a vendor that has a provider's data. At the end of the day, we're all spending a lot of money on third-party risk management, and we're not necessarily sure that we're getting our value out of the money spent."