September 09, 2019 // Tony Howlett
Last Updated: November 19, 2020
As the healthcare sector continues to adopt new technologies, its reliance on remote and cloud-based services has also increased exponentially. While relying on third-party vendors to provide more efficiency and state-of-the-art care and management, healthcare providers must also put more emphasis on third-party vendor risk management.
Of course, security is a concern for every industry, but healthcare providers also have strict privacy and compliance requirements under the HIPAA/HITECH Act rules. Yet, healthcare providers are still not doing enough to avoid data breaches and cyberattacks. It’s a big threat to the entire industry with very high costs.
A recently published report by Ponemon Institute and IBM Security shows that the average cost of a data breach in the United States rose to $8.19 million. The U.S. healthcare industry has the highest cost at $15 million. And the average cost of healthcare data breaches is $429 per record, more than twice the cost of any other industry.
Also, ransomware attacks on healthcare institutions have become common because cyber-criminals know that mission-critical patient care systems cannot be offline. Small clinics and large hospitals have been hit by this scourge and many have had no choice but to pay to get their systems back up so patients didn’t suffer. In May 2017, Britain’s National Health Service was infected with ransomware and dozens of locations were temporarily closed due to the virus.
Because HIPAA/HITECH Act regulations also require strict compliance by third-party vendors (business associates), the average healthcare provider spends $3.8 million to manage and mitigate risks from third-party vendors. Even with all that spending, in 2018, 56% of healthcare providers surveyed in the Ponemon study had third-party breaches by one or more third-party vendors within the last two years.
The report shows that there are three main reasons that healthcare providers continue to have insufficient risk mitigation:
To mitigate risks without increasing costs, healthcare providers need to implement third-party remote access solutions that meet the following requirements:
Solutions are available that streamline remote support and provide secure network connections. Some remote access security platforms can eliminate the need to manage network credentials from multiple vendors. Look for platforms that include:
Having this high standard for third-party remote access management can reduce the costs associated with risk mitigation and breach prevention for healthcare providers. The best solutions reduce vulnerabilities while increasing efficiency. For example, here at SecureLink, we were able to help one hospital save over $1 million annually by efficiently managing vendors.