Atrium Health Data Breach Highlights Lingering Third-Party Exposures

The healthcare industry has poured vast resources into cybersecurity since 2015 when a surge of major cyber breaches began. While the nature of these cyber breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated.

The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutions, shows the healthcare sector remains acutely vulnerable to attacks exploiting third-party contractors even as their first-party security posture hardens.

Healthcare providers must, therefore, take the time to apply a risk-based approach to ensuring their partners have the right security controls in place before they share that data.  Too often, organizations conduct that assessment after the fact, or worse, don’t properly identify which third parties create the most business exposure, making it impossible to apply the proper level of due diligence until it’s too late. It is critical for Atrium Health, and other organizations regardless of size or industry, to gain a better understanding of which of their third parties pose the biggest risk to their data.  Without an up-to-date and validated cyber assessment of each data custodian located within the supply chain, it’s not possible to have confidence in the safety of patient information.

You can read the full article on Byron Acohido’s The Last Watchdog here.

JONATHAN SIMKINS

CHIEF FINANCIAL OFFICER