St. Luke’s Health System in Boise, Idaho had to notify patients of a data breach that took place in May at its billing services vendor, Kaye-Smith. Over 31,500 patients had not only their health information compromised, but also financial and personal details.
This kind of breach puts all the patients at higher risk for identity fraud, targeted scams, and financial compromise, and is a clear violation of privacy laws. While the breach took place with their vendor, the hospital too will face the consequences and suffer reputational damage as a result of their vendor’s less-than-effective data security. Every organization is responsible for securing their organization against supply chain risks.
Whilst it may seem impossible to assess the security of all your vendors, 3rd party solutions exist to do just that. You can choose which vendors you work with according to their security standards and thereby protect your own data. Assess your supply chain and ensure the companies you open up your network to, do not let you down.
Vendor risk management is an aspect of your overall risk management program that should not be overlooked. Every vendor you work with increases your attack surface, so be proactive towards your security and empower your vendors to improve theirs. Our risk management experts have put together a guide to effective vendor risk management:
https://www.centraleyes.com/supply-chain-vendor-risk-assessment-the-definitive-guide/
