BitSight responds to third-party healthcare breach exposing 31,000 records

The healthcare industry continues to be target of cyberattacks, with Managed Health Services (MHS) of Indiana Health Plan reporting that a third-party data breach of its vendor, LCP Transportation, exposed up to 31k patients’ information.

Jake Olcott, VP Communications and Government Affairs at BitSight, comments below:

“With medical data and personal patient information migrating to the digital world, and cyberattacks growing in complexity, the regulatory landscape is evolving. Third-party breaches, like the recent incident involving Managed Health Services (MHS), demonstrate companies should be more concerned about the security posture of their business associates—and the maturity of their vendor risk management (VRM) program—than ever before.

Simple contractual provisions are not enough to manage this risk: healthcare organisations must perform robust diligence assessments and continuously monitor third party business relationships to prevent catastrophic failure.

The issues and complexities that today’s healthcare organisations face aren’t waning. Vendor ecosystems are expanding, the number of patients is increasing, and business demands are growing. Organisations need to create scalable programs to manage the risk.”



Article Link: