Estimated reading time: 1 minute, 41 seconds

Healthcare Data Hack Raises Alarm on Third-party Vendor Security

The widening breach of healthcare data involving a bill collector and three medical diagnostics companies has drawn attention from layers and lawmakers.

The hack has also renewed warnings about the cybersecurity risks from third-party vendors. Opko Health Inc. recently joined rivals Quest Diagnostics Inc. and Laboratory Corporation of America Holdings in disclosing being informed of unauthorized access to customer data held by American Medical Collection Agency (AMCA). As Reuters reports, the AMCA breach is thought to have affected 422,600 customers of Opko Health, compared to 11.9 million of Quest and 7.7 million of LabCorp.

Quest has already been hit with a putative class action over the breach, which compromised Social Security numbers, medical data and baking details. The lawsuit on behalf of customers was filed in New Jersey federal court, reports Law360.

Leaders in Congress are also asking questions about the incident, reports Bloomberg. Three U.S. Senators—Bob Menendez and Cory Booker (both D-N.J.), along with Mark Warner (D.-Va.)—wrote to Quest. In one letter, Warner noted, “I am concerned about your supply chain management, and your third party selection and monitoring process.” Separately, Mendendez and Booker called on the New Jersey-based company for more information about its response to the breach.

Elsewhere, Michigan Attorney General Dana Nessel sent letters to Quest, AMCA and a third company, Optum30, which contracted with AMCA as a service provider to Quest. “This data breach is yet another example of how fragile our information infrastructure is, and how vulnerable all of us are to cyber hacking,” Nessel said, as local Fox 47 News reports.

Third-party vendor breaches are not unique to healthcare. As CPO Magazine reports, Pyramid Hotel Group—a lodging management group that provides service to several well-known hotel chains—recently discovered a breach of its security logs, potentially helping hackers compromise security at these hotel chains in the future.

A Security Boulevard blog post advises that organizations can help ensure the cybersecurity of their third-party vendors by routinely evaluating vendors, conducting regular security audits and controlling what vendors can access.

Read 3203 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.