Health Care IT Security a Major Issue for Vendors | eWeek

Health Care IT Security a Major Issue for Vendors

Health Care IT Security a Major Issue for Vendors
Écrit par
Nathan Eddy
Nathan Eddy
Jul 14, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

While most health care organizations focus due diligence on their largest vendors, more than half of data breaches are attributed to small businesses, according to a CORL Technologies survey on the security level of vendors in the health care industry.

The report revealed that the majority of health care vendors lack minimum security, which is illuminated by the fact that more than 58 percent scoring in the “D” grade range for their culture of security.

In fact, only 4 percent of vendors scored in the “A” high confidence grade range, while 16 percent scored in the “B” moderate confidence grade range and 14 percent scored in the “C” indeterminate confidence grade range.

“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” Cliff Baker, CEO of CORL Technologies, said in a statement. “When health care and industry organizations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive health care data.”

Even more surprising, health care organizations are not holding vendors accountable for meeting even the minimum acceptable standards, and only 32 percent of vendors have security certifications.

More than half of vendors providing services to an average health care organization are small to medium sized businesses (SMBs) with less than 1,000 employees.

According to security software specialist Symantec’s 2014 Internet Security Threat Report, targeted attacks aimed at small businesses accounted for 30 percent of targeted spear-phishing attacks.

Building on this problem, a PricewaterhouseCoopers (PwC) cyber-crime survey released last month highlighted the fact that business partners fly under the security radar.

Just 44 percent of organizations have a process for evaluating third parties before launch of business operations and only 31 percent include security provisions in contracts with external vendors and suppliers.

“Third-party breaches and regulations are increasing drastically in the health care industry, but effective third-party security risk management is expensive, time consuming, and resource intensive. CORL is in a unique position to have access to security data across the health care vendor ecosystem,” Baker said. “We hope to use this information to illuminate gaps and provide recommendations to health care organizations and vendors alike that will help improve their risk management processes – and, ultimately, improve their overall security and risk posture.”

The Vendor Intelligence Report, which kicks off a new series of studies to be published by the CORL research team, is based on the analysis of security related practices for a sample of more than 150 vendors providing services to leading health care organizations from June 2013 to June 2014.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.