Third-party Risk Management

How updated third-party tech guidance affects compliance efforts

May 2, 2024 - Following a December 2022 bulletin that elicited questions from covered entities and a lawsuit from the American Hospital Association (AHA), the HHS Office for Civil Rights (OCR) updated online tracking technology guidance. In the March 2024 edition of the bulletin, OCR said it released updated guidance to “increase clarity for regulated entities and the public.” However,...


More Articles

Third-party tracking tech lawsuits surge in healthcare

by Jill McKeon

High rates of data breaches and cyberattacks mean that healthcare is no stranger to lawsuits. According to a recent report from law firm BakerHostetler, the healthcare sector’s use of third-party...

Novant Health Reaches $6.6M Settlement Over Improper PHI Disclosures

by Jill McKeon

Novant Health agreed to pay $6.6 million to settle a class action lawsuit surrounding improper disclosures of protected health information (PHI) due to the health system’s use of third-party...

Kroger Faces Lawsuits For Sharing Health Data With Meta Via Tracking Pixel Use

by Jill McKeon

Grocery chain Kroger is facing two class action lawsuits tied to its use of tracking technologies. Both lawsuits alleged that Kroger pharmacy patients were not informed that their health data was being...

HHS, FTC Publish Warning Letters Sent to Healthcare Entities Over Third-Party Tracking Tech

by Jill McKeon

In a document that spans hundreds of pages, HHS and the Federal Trade Commission (FTC) published letters sent to 130 healthcare organizations regarding the security and privacy risks of third-party...

How the Health3PT Council Addresses Third-Party Risk Management Woes

by Jill McKeon

Healthcare third-party risk management (TPRM) is broken, according to the Health 3rd Party Trust (Health3PT) Initiative and Council. The council members would know – each is a healthcare security leader who has seen firsthand the...

How Did This Happen? Understanding the Issue of Third-Party Tracking Tech in Healthcare

by Jill McKeon

In June 2022, journalists discovered that a third of Newsweek’s top 100 hospitals in America had the Meta Pixel installed on their websites, which allegedly sent a packet of data to Facebook whenever a visitor clicked a button to...

Health3PT Unveils First Actions to Address Third-Party Risk Management

by Sarai Rodriguez

The Health 3rd Party Trust (Health3PT) Initiative has unveiled its first deliverables to tackle third-party cyber risk management (TPRM) in healthcare, backed by a rapidly growing membership of...

3 Best Practices For Maturing Healthcare Third-Party Risk Management

by Jill McKeon

Third-party risk management (TPRM) remains a significant challenge for healthcare organizations of all sizes, as exemplified by the high volume of third-party data breaches reported to HHS in 2022. As healthcare organizations continue to...

Vendor Data Breach Impacts At Least 9 Healthcare Organizations

by Jill McKeon

At least nine healthcare organizations recently reported a vendor data breach tied to Adelanto HealthCare Ventures (AHCV), a consulting company that specializes in Medicaid reimbursements. According...

Tackling Third-Party Risk Management (TPRM) Challenges In Healthcare

by Jill McKeon

The majority of the top ten largest healthcare data breaches reported to HHS in 2022 stemmed from third-party vendors, signaling a need for better third-party risk management (TPRM) practices in the industry. However, healthcare...

Third-Party Data Breach Victims Double, Healthcare Most Targeted

by Sarai Rodriguez

While the number of total third-party breaches slightly dipped in 2022, the attacks impacted nearly twice as many victims, wreaking havoc on the healthcare industry more than any other sector, Black...

Rise in Third-Party Data Breaches Requires Updated Risk Management Approach

by Jill McKeon

The recent rise in third-party data breaches warrants a reevaluation of third- and fourth-party vendor relationships, new data from SecurityScorecard and the Cyentia Institute suggested. As previously...

Hacking Accounted For Nearly 80% of Healthcare Data Breaches Last Year

by Jill McKeon

Nearly 80 percent of healthcare data breaches reported to the HHS Office for Civil Rights (OCR) in 2022 were attributed to hacking and IT incidents, Fortified Health Security noted in its “2023...

Healthcare CISOs Form Health3PT Council to Improve Third-Party Risk Management

by Jill McKeon

More than 20 healthcare leaders have come together to form the Health 3rd Party Trust (Health3PT) Initiative and Council, aimed at introducing new standards, automated workflows, and assurance models...

3 Trends From the HIMSS Healthcare Cybersecurity Forum

by Jill McKeon

Experts gathered in Boston on December 5 and 6 for the HIMSS Healthcare Cybersecurity Forum to explore topics such as risk quantification, clinical perspectives on cybersecurity, and medical device security. Speakers included leaders from...

Balancing Digital Transformation With Healthcare Cybersecurity

by Jill McKeon

BOSTON, Mass. - As organizations continue to digitally transform their ecosystems to enable new operations and care delivery models, healthcare cybersecurity concerns must remain top-of-mind. During a...

3M Advocate Aurora Health Patients Face PHI Exposure Tied to Tracking Pixels

by Jill McKeon

Advocate Aurora Health notified 3 million patients of a data breach that resulted in potential protected health information (PHI) exposure. The breach stemmed from the nonprofit health system’s...

Third-Party Tracking on Abortion Clinic Websites Sparks Data Privacy Concerns

by Jill McKeon

Researchers discovered third-party tracking tools on the majority of analyzed abortion clinic websites, raising data privacy concerns, according to a research letter published in JAMA Internal...