Managing third-party risk costs the healthcare industry over $23 billion a year
The ability to adequately assess and understand the risks that vendors pose is a problem for healthcare providers, and a costly one at that, according to a new report.
The study by risk management platform Censinet and the Ponemon Institute shows the yearly hidden cost of managing vendor risk is $3.8 million per healthcare provider, higher than the $2.9 million that each data breach costs providers. This adds up to a total cost across the industry of $23.7 billion.
Based on a survey of over 550 healthcare IT and security professionals, the report finds that 72 percent of respondents believe the increasing reliance on third-party medical devices connected to the internet is risky, and 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure.
Two out of three respondents believe that current manual risk management processes can’t keep pace with cyber threats and vulnerabilities, while 63 percent believe they can’t keep pace with the proliferation of digital applications and devices. Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation have created an environment where third-party breaches are commonplace and
The average healthcare provider has 3.21 dedicated full-time employees spending more than 500 hours per month completing vendor risk assessments. However, the research uncovers that there are significant, additional hidden costs -- including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers -- which increase that number to more than 5,000 hours per month spent on managing third-party vendor risk.
"This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management," says Ed Gaudet, CEO and founder of Censinet. "The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect."
The full report is available from the Censinet site.