Video frame of Geoff holding the 2020 Healthcare Data Breach Intelligence Report

How To Approach Vendor Risk Management

In my latest video below I discuss the largest healthcare data breach of 2019 and how organizations should approach vendor risk management to manage the risk that your vendors present to you.

63% of all healthcare data breached in 2019 was due to the breach of one third-party collection agency, American Medical Collection Agency (ACMA). This breach affected Quest Diagnostics, LabCorp, and 21 other covered entities. ACMA and its parent company have since filed for chapter 11 bankruptcy and the 23 affected organizations are left to deal with the fallout.

Having a business associate / vendor agreement in place is not enough. Organizations need processes in place to validate the security and practices of their vendors. Not all vendors are equal in terms of risk. Focus your more thorough validation on the vendors that present the most risk to your organization. Perhaps this is a vendor that has access to the largest volume of your critical data. Perhaps this is a vendor that performs a highly trusted function.

Learn more about the ACMA breach and how we should approach vendor risk management with my video below.