Third-Party Breach: Why reviewing third party is critical
Meditab a California-based company is an electronic medical records software maker for hospitals, doctor’s offices, and pharmacies etc., it also processes electronic faxes for healthcare providers but due to lack of proper security, thousands of doctor’s notes, medical records, and prescriptions were being leaked on daily basis.
The third-party vendor of Meditab, MedPharm Services, exposed medical data and other real-time personal information on an unsecured fax server.
Later a Dubai base Cyber-Security firm, ‘SpiderSilk’ shared with TechCrunch about the exposed server, the server had over 6 Million records openly available that were being saved on the server since March 2018. The server had personal and professional important information.
Third-Party breaches and errors put the company’s name in bad limelight and also dissolves the firm’s goodwill built for years, this causes financial and reputation losses to the company, thus managing vendor risk as your own is critical. Conducting thorough reviews like third-party due diligence and regular reviews of vendor policies and processes play an important role to help create a compliant and secure workplace. Source: Health IT Security