Hospitals looks to minimize 3rd party cyber risk

After a series of data breaches resulting from third-party MOVEit software, industry group Health 3rd Party Trust Initiative is getting together with hospitals to crack down on vendor breaches.

A survey from the group found that 60 percent of covered entities and 72 percent of their vendors believe today's third-party risk management is not effective, according to a July 27 Health3PT news release.

Hospitals are working with Health3PT to identify and implement new tools to minimize third-party risk.

Baltimore-based Johns Hopkins Medicine, Louisville, Ky.-based UofLHealth and Bellaire, Texas-based Harris Health System have all been caught in the MOVEit breach.

"The average cost of a healthcare data breach is around $10 million, including significant judgments that have been recently levied against organizations for violations of HIPAA and PHI privacy rules," John Houston, vice president of information security and privacy at Pittsburgh-based UPMC. "Our experience is that 90 percent of breaches within healthcare involve a third party or a vendor that has a provider's data. At the end of the day, we're all spending a lot of money on third-party risk management, and we're not necessarily sure that we're getting our value out of the money spent."

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars