Gerry Blass on Healthcare Third-Party Data Breaches [Podcast]


Post By: Adam Turteltaub

With healthcare relying so heavily on vendors to manage data, the risks of a breach are enormous. According to Gerry Blass, President and CEO of ComplyAssistant, a recent survey found that 63% of cyberattacks were through third parties.

In this podcast, he provides insight into how to assess and manage the risk of breaches through business associates. The best time to start managing the risk is before signing the contract: that’s when vendors are most willing to allow you to conduct a technical and administrative assessment of their security. Be sure, he advises, to ask to see their SOC 2 report.

On an ongoing basis, do an assessment at least once a year, and more frequently for higher-risk entities.

And always look at issues such as:

  • If the third party has downstream business associates, are they located in the US or in countries with different data rules?
  • Are their employees accessing the data remotely?
  • What controls are in place if an employee is terminated?

Listen in to learn more about which third parties hold the most and least risk, and what you can do about it.