While many in the healthcare industry have seen the benefits of outsourcing tasks to third-party vendors, a new study cautions that those benefits could come with significant risks.
While data breaches cost providers $2.9 million in recovery, new data from Ponemon Institute and Censinet shows managing vendor risk is far most costly at $3.8 million per provider annually.
Along with ransomware’s resurgence in financial impact and the rise of cryptojacking, attacks via third parties also became more prevalent in 2018, OTA found. The most notable such attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide.
No doubt, all security leaders want to be successful and improve cyberdefenses, no matter how long they stay. But too many quick job changes can become a serious problem on resumes and personal reputations.
If you have any business partners and vendors connected to your internal IT network, you should audit those individuals and entities to ensure they are using appropriate and sufficient IT security solutions. You may have adequate protections in place for your employees and organization, but don’t forget to be sure that your partners do as well.
Oregon Senate Bill 684 extends breach notification obligations to “vendors,” defined as entities who contract with a covered entity to “maintain, store, manage, process or otherwise access personal information.”
This third-party data breach exposed 85.4 GB of security logs from Pyramid Hotel Group.
A day after Quest Diagnostics announced 12 million patients were affected by a data breach, another medical testing company says its patients’ data was also compromised.
A hacker gained access to American Medical Collection Agency’s system, which contained a trove of personal information from its clients, including nearly 12 million patients of Quest Diagnostics.
After outsourcing giant Wipro suffered a phishing incident, attackers used its email system to target the company’s customers. The breach demonstrates the dangers of supply chain and third-party risk.