today s webinar the economic impact of third party risk
play

Todays Webinar The Economic Impact of Third-Party Risk Management - PowerPoint PPT Presentation

Aug 20, 2022 •278 likes •546 views

Todays Webinar The Economic Impact of Third-Party Risk Management in Healthcare 1 Todays Presenters Dr. Larry Ponemon Ed Gaudet Chairman and Founder CEO and Founder Ponemon Institute Censinet egaudet@censinet.com 2 Agenda

  1. Today’s Webinar The Economic Impact of Third-Party Risk Management in Healthcare 1

  2. Today’s Presenters Dr. Larry Ponemon Ed Gaudet Chairman and Founder CEO and Founder Ponemon Institute Censinet egaudet@censinet.com 2

  3. Agenda • Macro IT Trends in Healthcare • Research Overview • Key Findings – The Problem • Key Findings – The Bigger Problem • Recommendations 3

  4. Macro IT Trends in Healthcare Protect Provider PHI Satisfaction Cloud Adoption Tight Security Medical Devices Budgets Limited Mobile, AI, Resources Blockchain Streamline Security 4

  5. Research Overview • Ponemon Institute surveyed 554 IT and IT security professionals in healthcare companies involved in managing their organizations’ vendor risk management programs (VRMP). • All organizations represented in the study have VRMPs. respondents by operating structure respondents by department or function 3% 3% 2% 1% 12% Information technology Hospital or clinic that is part of a healthcare 4% system Clinical staff 29% 4% 32% Patient services Integrated Delivery System Compliance 16% 8% Procurement Network Medical informatics Risk management 8% Standalone hospital Legal Records management Human resources Standalone clinic 17% Privacy 18% 17% 26% 5

  6. Key Findings – The Problem The State of Vendor Risk Management in Healthcare 56% of Providers have had one or more third-party data breaches over the past two years. Average cost of $2.9 million. 6

  7. Key Findings The State of Vendor Risk Management in Healthcare • 3.21 full-time employees are fully dedicated to completing vendor risk assessments • 513 hours spent monthly completing assessments • Healthcare providers have an average of 1,320 vendors under contract, but just 27% said that they assess all vendors annually • 53% say their organizations allocate an average of 17 percent (~$2 million) of the cybersecurity budget for vendor risk management programs. • Respondents estimate it costs an average of $5 million to implement all four controls • 40% percent say vendor assessments are very valuable in terms of providing actionable insights that can be reported to the C-suite and board of directors • 42% say these assessments are somewhat valuable in providing information on what actions their organization should take 7

  8. Key Findings The State of Vendor Risk Management in Healthcare Health systems are Senior executives & Current risk at risk of a data business owners are processes are costly, breach because they permitted to go inefficient, and don’t around the vendor are unable to reduce exposure to complete risk risk management data breaches or assessments of all process. downtime. vendors. 76 % 59 % 54 % 8

  9. The importance and effectiveness of vendor risk management control practices 86% Data breach cyber exploit response procedures 33% 80% Prioritization of vendor risks 36% 72% Enforcement of non-compliance with security requirements 39% 71% Assessment of regulatory compliance 34% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Importance of vendor risk management control practices Effectiveness of vendor risk management control practices Controls are considered important but not very effective. 9

  10. Perceptions about third-party vendor risks Strongly agree and Agree responses combined An increase in investigations and fines from HHS and OCR due to deficiencies in vendor risk 66% management Current manual risk management processes cannot 65% keep pace with of cyber threats and vulnerabilities Current manual risk management processes cannot keep pace with the proliferation of digital 63% applications and devices Third-party vendor risks are reported to the Board of 34% Directors 0% 10% 20% 30% 40% 50% 60% 70% Risk management practices are not keeping pace with third-party security vulnerabilities. 10

  11. Perceptions about vendor risk assessments Strongly agree and Agree responses combined Time spent on vendor risk assessments takes 60% resources away from important tasks Required under HIPAA to annually assess the 60% risk of third-party vendors Regulations mandate that every healthcare provider identify, assess, monitor and mitigate 58% risks caused by third-parties Inefficient risk management workflows that rely upon spreadsheets, emails and other manual 44% processes are automated to save time 100% of vendors are assessed annually 27% 0% 10% 20% 30% 40% 50% 60% 70% Most healthcare organizations believe they are required to assess vendor risks, but only 27% assess all vendors. 11

  12. The cloud and Internet increase third-party risks Strongly agree and Agree responses combined Healthcare providers increasingly rely upon third- party medical devices connected to the internet that 72% are inherently risky Moving to the cloud while connecting medical devices to the internet creates significant cyber risk 68% exposure Third-party vendors account for the majority of all 50% data breaches experienced over the past two years 0% 10% 20% 30% 40% 50% 60% 70% 80% The use of medical devices is increasing third-party risk. 12

  13. Not completing all vendor assessments puts organizations at risk Strongly agree and Agree response combined Senior executives/business owners are permitted to go around third-party vendor risk 59% assessment process to secure a lucrative business relationship Our organization is at risk because we are unable to complete risk assessments of all our 54% vendors 0% 10% 20% 30% 40% 50% 60% 70% Senior executives are permitted to avoid conducting an assessment to secure a lucrative business relationship. 13

  14. Which function benefits most from a well-functioning vendor risk management process or program? Three responses permitted Clinical departments 75% Procurement/purchasing 61% Compliance 59% Legal (OGC) 45% Risk management 34% CEO/COO 31% CFO/ finance 26% CISO/CSO 26% CIO 23% CTO 8% Board of directors 8% Other 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% Clinical departments benefit the most from an effective vendor risk management program. 14

  15. Vendor types that pose the highest risk Four responses permitted Clinical applications 56% Cloud providers 53% Clinical researchers 47% Application developers 41% Business consultants 33% Outsourced IT 32% Medical device manufacturers 31% Back-office applications 20% Outsourced or co-located data centers 20% Payment processors 19% Outsourced HR 19% Payroll providers 17% Affiliated practices 8% Other 4% 0% 10% 20% 30% 40% 50% 60% Vendors that provide clinical applications and cloud providers pose the highest risk. 15

  16. The percent of respondents that would remediate or terminate 25% 33% 20% 15% 28% 10% 5% 0% Respondents that would Respondents that would mitigate or remediate the terminate the relationship with security gap the vendor Vendor’s security gaps are not addressed following an assessment. 16

  17. The percent of vendor assessments that result in disqualification or requirement to remediate 25% 21% 20% 15% 11% 10% 5% 0% Third-party assessments that result in a Third-party assessments that result in requirement to remediate prior to doing disqualification prior to doing business with business with them them 1 in 5 assessments result in remediation, and we know that 59% of organizations see their executives going around the process. 17

  18. The Bigger Problem 10x Unable to keep pace Hidden costs outpace Gap of 2.5x budget to with the proliferation direct costs based on investment required. of cloud apps, process inefficiencies. connected devices, and threats and vulnerabilities. 18

  19. The Economic Impact of Third-Party Risk Management Direct FTE-only Costs 3.2 full-time equivalent (FTE) employees dedicated to third-party risk management activities. 19

  20. The Economic Impact of Third-Party Risk Management Healthcare Organization Costs Indirect labor costs: employees not dedicated, but involved in supply chain activities that touch third-party management and oversight. 20

  21. Recommendations 21

  22. A New Way: Less Time and Costs Save Time Increase Coverage Reduce Costs Focus on high-value Assess all third-party Reduce hidden costs, tasks such as training, vendors with continuous data breaches, and scenario planning, monitoring and updates disruption to patient care continuity tests, etc. and overall business. to risk profiles. 50 % 10x 50 % 22

  23. Scale Your Risk Management Process with the Collaborative Risk Network for Healthcare Provider Visibility Continuous Real-time Application Virtual Vendor One-Click and Reporting Monitoring Updates Integrations Catalog Assessment A Collaborative Risk Network for Healthcare provides fast assessments, immediate updates, and cross-functional visibility. 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Presenting a live 90-minute webinar with interactive Q&A Third-Party Risk: Tailoring Contract

Presenting a live 90-minute webinar with interactive Q&A Third-Party Risk: Tailoring Contract

Presenting a live 90-minute webinar with interactive Q&A Third-Party Risk: Tailoring Contract Clauses, Covenants, and Certifications to Enhance Compliance in a Global Market Minimizing FCPA and Related Anti-Corruption Risks and Maximizing

552 views • 39 slides
THE PUBLIC IMPACT OF COMMUNICATION PCWP-HCPWP Working party London, 17 September 2014 Frederic

THE PUBLIC IMPACT OF COMMUNICATION PCWP-HCPWP Working party London, 17 September 2014 Frederic

THE PUBLIC IMPACT OF COMMUNICATION PCWP-HCPWP Working party London, 17 September 2014 Frederic Bouder, PhD Maastricht University 1 Todays session 1- What is benefit/ risk (and risk/risk) communication ? 2- Background example of Vioxx and

650 views • 20 slides
Hello and welcome to the Recordings at Risk Recipient Informational Webinar. Well start with

Hello and welcome to the Recordings at Risk Recipient Informational Webinar. Well start with

Hello and welcome to the Recordings at Risk Recipient Informational Webinar. Well start with introducing the staff on the call today: My name is Kristen Blair, Program at CLIR and Ill be moderating this webinar today. Im joined by our

663 views • 45 slides
Welcome Introduction to Health Impact Assessment Webinar How to Interact Today with ZOOM

Welcome Introduction to Health Impact Assessment Webinar How to Interact Today with ZOOM

Welcome Introduction to Health Impact Assessment Webinar How to Interact Today with ZOOM Webinar Thi his s webin inar ar is s being ng reco corded ded There are many cool interactive functions for todays presentation! 4 4 butt

525 views • 37 slides
We Won a TAACCCT Grant! Now what about the Third-Party Evaluation? Informational Webinar

We Won a TAACCCT Grant! Now what about the Third-Party Evaluation? Informational Webinar

We Won a TAACCCT Grant! Now what about the Third-Party Evaluation? Informational Webinar November 5, 2014 To Ask Questions Evaluation Requirement Necessary Evil or Great Opportunity? 3 Ms. Eileen Poe-Yamagata Goals for Today 1. Encourage

611 views • 35 slides
Special Webinar COVID-19 and People with IDD: Impact, Prevention and Action PRESENTED BY: Craig

Special Webinar COVID-19 and People with IDD: Impact, Prevention and Action PRESENTED BY: Craig

Health Risk Screening, Inc. Special Webinar COVID-19 and People with IDD: Impact, Prevention and Action PRESENTED BY: Craig Escude, MD, FAAFP, FAADM President, Knowledge Empowers Clinical Advisory Team Focus for Today NOT Talk about

658 views • 29 slides
Pensionomics 2018: Measuring the Economic Impact of Multiemployer Pension Expenditures Webinar

Pensionomics 2018: Measuring the Economic Impact of Multiemployer Pension Expenditures Webinar

Pensionomics 2018: Measuring the Economic Impact of Multiemployer Pension Expenditures Webinar May 29, 2019 Agenda Introductions Research Review Q&A 2 Webinar Logistics Attendees in listen only mode. Questions

514 views • 22 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
OCC Mutual Savings Association Advisory Committee Third-Party Relationships: Risk Management

OCC Mutual Savings Association Advisory Committee Third-Party Relationships: Risk Management

OCC Mutual Savings Association Advisory Committee Third-Party Relationships: Risk Management Guidance Overview April 29, 2014 Kim Cahill and John Eckert Operational Risk Division OCC Chief National Bank Examiner Office 1 Third-Party

100 views • 6 slides
Innovations in Third-Party Risk Management 2019 Risk Summit Nonprofit Risk Management Center

Innovations in Third-Party Risk Management 2019 Risk Summit Nonprofit Risk Management Center

Innovations in Third-Party Risk Management 2019 Risk Summit Nonprofit Risk Management Center Lansdowne Resort & Spa Leesburg, VA October 21, 2019 T odays Speakers T om Rogers, CPA Jeff T enenbaum, Esq. Founder & CEO Chair

563 views • 40 slides
THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web

1 THIRD-PARTY RISK MANAGEMENT For your website Protect your most valuable asset - your web presence Idan Cohen, Q3 2019 The untold supply-chain challenge: THIRD-PARTIES ON WEBSITES 3 Let s understand What is a web third-party

338 views • 15 slides
Quantifying the Economic Impact of Adventure Tourism and Paths Forward Partnerships for Greatest

Quantifying the Economic Impact of Adventure Tourism and Paths Forward Partnerships for Greatest

Quantifying the Economic Impact of Adventure Tourism and Paths Forward Partnerships for Greatest Impact TUESDAY, AUGUST 7, 2018 | ATTA Webinar Christina Beckmann Senior Director, Strategy and Impact - ATTA Edmund Morris Development Economist, FHI

614 views • 22 slides
Insured/Third-Party Settlements and Consent Judgments After Insurer Denies Coverage Navigating

Insured/Third-Party Settlements and Consent Judgments After Insurer Denies Coverage Navigating

Presenting a live 90-minute webinar with interactive Q&A Insured/Third-Party Settlements and Consent Judgments After Insurer Denies Coverage Navigating Collusive Settlements Between Insureds and Third-Party Claimants and Their Impact on

728 views • 44 slides
Welcome to Today s ACM Webinar Welcome to today s ACM Webinar. The presentation starts

Welcome to Today s ACM Webinar Welcome to today s ACM Webinar. The presentation starts

Welcome to Today s ACM Webinar Welcome to today s ACM Webinar. The presentation starts at the top of the hour. If you are experiencing any problems/issues, please press the F5 key on your keyboard if you re using Windows , or

309 views • 7 slides
VENDOR MANAGEMENT AND THIRD PARTY RISK Amy J Butler Legal & General America May 18, 2018

VENDOR MANAGEMENT AND THIRD PARTY RISK Amy J Butler Legal & General America May 18, 2018

VENDOR MANAGEMENT AND THIRD PARTY RISK Amy J Butler Legal & General America May 18, 2018 Todays Presentation ! Definitions ! Why do we need Vendor Risk Management ! Risks Posed by Third Party / Vendor Relationships ! Vendor Risk

346 views • 24 slides
Education Deb Ascher Barnstone Professor of Architecture UTS ECONOMIC IMPACT CULTURAL IMPACT

Education Deb Ascher Barnstone Professor of Architecture UTS ECONOMIC IMPACT CULTURAL IMPACT

Necessity is is the mother of in invention: The im impact of the Covid-19 Crisis on Higher Education Deb Ascher Barnstone Professor of Architecture UTS ECONOMIC IMPACT CULTURAL IMPACT EDUCATIONAL IMPACT ECONOMIC IMPACT CULTURAL IMPACT

527 views • 13 slides
Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity

Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity

Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity for contract sterilization facilities. www.benebion.com - 1 - Agenda Agenda Introduction to the case to be studied General overview

268 views • 14 slides
The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs

The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs

The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs Background CCD Invention Device Basics Early Devices Applications Magnetic Bubbles Picturephone MOS Capacitor MOS Energy Diagram Two MOS

545 views • 23 slides
Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER) 1 Agenda SpeakerName SpeakerInstitution Topic Speaker check- in Everyone Soundcheck

204 views • 19 slides
The value of medical device integration; a clinical perspective ADRIAN HUTCHINSON CHIEF NURSING

The value of medical device integration; a clinical perspective ADRIAN HUTCHINSON CHIEF NURSING

The value of medical device integration; a clinical perspective ADRIAN HUTCHINSON CHIEF NURSING AND ALLIED HEALTH INFORMATION OFFICER ROYAL CHILDRENS HOSPITAL MELBOURNE 2014 Parkville 1958 Parkville 1876 Carlton History 30 th April 2016

279 views • 25 slides
Protecting medical data with passwordless authentication Carl Svensson, KRY/LIVI @ PasswordsCon

Protecting medical data with passwordless authentication Carl Svensson, KRY/LIVI @ PasswordsCon

Protecting medical data with passwordless authentication Carl Svensson, KRY/LIVI @ PasswordsCon 2018 1 / 16 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail (private):

448 views • 22 slides
Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda

Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda

Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda and Irena Holubova (Mlynkova) svoboda@ksi.mff.cuni.cz DEXA 2014 Munich, Germany September 2, 2014 XML and Web Engineering Research Group

525 views • 31 slides
Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva

Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva

Intuitionistic Description Logic and Legal Reasoning Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva Alexandre Rademaker Departamento de Informtica - PUC-Rio - Brasil FGV - Brasil Univ.

551 views • 27 slides
Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda

Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda

Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda Overview and Introductions Engaging City Officials in Promoting Medicaid & CHIP Working with the Juvenile Justice System to Enroll

545 views • 52 slides

More recommend