Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year

Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation have created an environment where third-party breaches are commonplace and expensive.

Ed Gaudet | July 10, 2019

Censinet was founded on the promise of improving third-party risk management processes for healthcare providers – procedures that are constantly failing both systems and patients. As a society, not only have we lacked the ability to adequately assess and understand the risks that vendors pose, but managing those risks has also become an incredibly costly burden to healthcare providers, largely due to manual processes that create vast hidden costs and to the increased proliferation of cloud applications and connected medical devices.

To understand the magnitude of the issue, Censinet and the Ponemon Institute teamed up to conduct a survey of 554 healthcare IT and security professionals who are involved in managing their organizations’ vendor risk management programs and, as expected, the results were disconcerting. Among other data, the study shows a gap of 2.5 times between what vendors budget versus what is actually required to help them keep pace with the growth of cyber threats and vulnerabilities.

Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation have created an environment where third-party breaches are commonplace and expensive. Findings of particular interest include:

  • 72 percent of respondents believe the increasing reliance upon third-party medical devices connected to the internet is risky
  • 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure
  • Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities
  • 63 percent believe they cannot keep pace with the proliferation of digital applications and devices

The research also uncovered that there are significant, additional hidden costs associated with data breaches – including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers – which increase that number by 10x to 5,040 hours per month that healthcare providers spend managing third-party vendor risk. All told, that amounts to nearly $4 million per year per healthcare provider spent on third-party risk management, at a total cost of almost $24 billion across the industry.  

For those interested in a closer look at the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and I will be hosting a live webinar discussing the research and vendor risk management best practices for healthcare providers on July 25th, 2019 at 12 PM ET. I invite you to register here.

For more information or to download the full report please visit: https://go.censinet.com/ponemon-third-party-vendor-risk-management-research
