Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year

Post Summary

How much does third-party risk cost the healthcare industry annually?

$23.7 billion per year.

Why are current third-party risk management processes ineffective?

Manual processes are inefficient and cannot keep pace with the growing number of cyber threats, vulnerabilities, and connected devices.

What are the biggest cybersecurity risks in healthcare?

Internet-connected medical devices (72% of experts see them as risky). Cloud adoption combined with connected devices (68% cite significant cyber risk).

How much time do healthcare providers spend managing vendor risks?

5,040 hours per month per provider, costing nearly $4 million annually.

What solutions can reduce third-party risk costs?

Automating risk assessments and remediation processes. Adopting vendor risk management best practices, as outlined in Censinet and Ponemon Institute's research.

Censinet was founded on the promise of improving third-party risk management processes for healthcare providers – procedures that are constantly failing both systems and patients. As a society, not only have we lacked the ability to adequately assess and understand the risks that third-party vendors pose, but managing those risks has also become an incredibly costly burden to healthcare providers, largely due to manual processes that create vast hidden costs as well as the increased proliferation of cloud applications and connected medical devices.

To understand the magnitude of the issue, Censinet and the Ponemon Institute teamed up to conduct a survey of 554 healthcare IT and security professionals who are involved in managing their organizations’ third-party healthcare vendor risk management programs and, as expected, the results were disconcerting. Among other data, the study shows a gap of 2.5 times between what third-party vendors budget and what is actually required to help them keep pace with the growth of cyber threats and vulnerabilities.

Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation have created an environment where third-party vendor breaches are commonplace and expensive. Findings of particular interest include:

  • 72 percent of respondents believe the increasing reliance upon third-party medical devices connected to the internet is risky
  • 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure
  • Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities
  • 63 percent believe they cannot keep pace with the proliferation of digital applications and devices

The research also uncovered that there are significant, additional hidden costs associated with data breaches – including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers – which increase that number by 10x to 5,040 hours per month that healthcare providers spend managing third-party vendor risk. All told, that amounts to nearly $4 million per year per healthcare provider spent on third-party risk management solutions, at a total cost of almost $24 billion across the industry.

For those interested in a closer look at the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and I present the research data and discuss vendor risk management best practices for healthcare providers in our on-demand webinar, The Economic Impact of Third-Party Risk Management in Healthcare: Ponemon Research. Email us to watch.

For more information or to download the full report please visit: https://censinet.com/ponemon-research-report-the-economic-impact-of-third-party-risk-management-in-healthcare/

Key Points:

What is the financial impact of third-party risk on the healthcare industry?

  • Third-party risks cost the healthcare industry a staggering $23.7 billion annually.
  • Hidden costs, such as manual processes, inefficiencies, and increased cyber risks from connected devices, escalate expenses for providers.

Why are current third-party risk management processes failing healthcare providers?

  • Manual processes dominate, leading to inefficiencies and hidden costs.
  • 63% of healthcare professionals say they cannot keep pace with the proliferation of digital applications and connected devices.
  • Two-thirds of respondents believe current processes cannot address the rising cyber threats and vulnerabilities effectively.

How do connected medical devices and cloud adoption increase cybersecurity risks?

  • 72% of respondents believe internet-connected medical devices pose significant risks.
  • 68% of respondents highlight that moving to the cloud while connecting medical devices increases cyber risk exposure.
  • The integration of digital and cloud technologies outpaces organizational capabilities to manage and secure them effectively.

What are the hidden costs tied to third-party vendor risk management?

  • Healthcare providers spend approximately 5,040 hours per month managing third-party vendor risks.
  • These efforts cost nearly $4 million per year per provider, adding up to $24 billion across the healthcare industry.
  • Hidden costs include time spent by information security staff, supply chain managers, clinicians, and other personnel.

What solutions can healthcare providers adopt to improve third-party risk management?

  • Automating risk assessments and remediation processes can reduce inefficiencies and hidden costs.
  • Implementing best practices for vendor risk management, as discussed in Censinet's webinar with Dr. Larry Ponemon, can help providers address these challenges effectively.

Where can I learn more about vendor risk management best practices?

  • Censinet offers a webinar, The Economic Impact of Third-Party Risk Management in Healthcare: Ponemon Research, where Dr. Larry Ponemon and Censinet leadership discuss key findings and solutions. Email Censinet to access the webinar on demand.
