Healthcare Vendors Identified as the “Unlocked Backdoor to Healthcare Data”
PR Web |
CORL Technologies, a leading provider of Vendor Security Risk Management (VSRM) solutions, today announced the results of the first Vendor Intelligence Report that rates the security level of vendors in the healthcare industry. The report reveals that the majority of healthcare vendors lack minimum security, which is illuminated by the fact that more than 58% scoring in the "D" grade range for their culture of security. The report also highlights that healthcare organizations are failing to hold vendors accountable for meeting minimum acceptable standards or otherwise mitigate vendor-related security weaknesses.
"The average hospital's data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services," said
These new findings are critical to addressing the growing number of security incidents at companies attributed to partners and vendors – which increased from 20% in 2010 to 28% in 2012 according to
The Vendor Intelligence Report, which kicks off a new series of studies to be published by the CORL research team, is based on the analysis of security related practices for a sample of over 150 vendors providing services to leading healthcare organizations from
The four key trends and supporting data that emerged from the analysis include:
The Majority Of Healthcare Vendors Lack Minimum Security Practices To Protect Data.
? Fifty-eight percent of vendors scored in the "D" grade range and 8% scored
? Even more surprising, healthcare organizations are not holding vendors accountable for meeting even the minimum acceptable standards. Only 32% of vendors have security certifications. Typical certifications include FedRAMP, HITRUST, ISO 27001, SSAE-16, SOC 2 and 3.
Healthcare Organizations Are Unaware Of All The Vendors That Have Access To Their Data.
? An average hospital's data is accessible by hundreds to thousands of vendors providing a wide range of services: from business services, consulting, claims processing and education to Electronic Health Record (EHR), healthcare and medical supplies technologies and products to network and security software.
Healthcare Organizations have an Overwhelming Number of Small Vendors to Manage.
? Over fifty percent of vendors providing services to an average healthcare organization are small to medium sized businesses with less than 1000 employees.
? According to
Existing Practices At Healthcare Organizations Do Little To Mitigate Vendor Related Security Weaknesses.
? Vendor due diligence by healthcare organizations is not aligned with risks. Most healthcare organizations focus due diligence on their largest vendors - yet over half of breaches are attributed to small businesses.
? In fact most organizations do not have a risk program in place at all and executives are not appropriately made aware of the exposure or efforts to mitigate risk.
"We rely on critical healthcare services provided by partners that have access to PHI. These partners must take greater responsibility for protecting this information. We are looking for methods to assure each other that we protect patient data properly," said
"Although the HIPAA Omnibus Rule identifies that the individual actors are responsible in the event of a breach, if it is my organization's data that is made public, the source does not matter. It was my responsibility to have protected it, so says our customer. We can no longer rely on the actions of others to keep us off the front page," said
"Third-party breaches and regulations are increasing drastically in the healthcare industry, but effective third-party security risk management is expensive, time consuming, and resource intensive. CORL is in a unique position to have access to security data across the healthcare vendor ecosystem. We hope to use this information to illuminate gaps and provide recommendations to healthcare organizations and vendors alike that will help improve their risk management processes – and, ultimately, improve their overall security and risk posture," added Baker.
To download the full report visit: http://www.vendorsecurityrm.com/resources/healthcare-vendor-intelligence-report/.
About CORL
CORL is an innovative and leading provider of Vendor Security Risk Management solutions. The organization was founded to address the need for vendor security intelligence. Delivered as a managed service and supported by an expert team of research analysts and a collaborative intelligence sharing community, CORL's Vendor Security Risk Management solutions are used alone or as part of a larger Vendor Risk Management program and GRC solution. With CORL, organizations can leverage intelligence to understand and monitor risk with its vendors, ease compliance audits and improve executive-level communications and risk analytics reporting. Customers of its flagship product include many of the nation's largest companies. Visit CORL at http://www.corltech.com or follow
Read the full story at http://www.prweb.com/releases/2014/06/prweb11977024.htm
Copyright: | (c) 2014 PRWEB.COM Newswire |
Wordcount: | 984 |
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News