Skip to content Skip to navigation

Report: Majority of EHR Vendors Score in “D” Range for Security

July 1, 2014
by Rajiv Leventhal
| Reprints

More than half of electronic health record (EHR) vendors—58 percent— scored in the "D" grade range for their culture of security, according to a report from Corl Technologies, an Atlanta-based security risk management solution provider.

The report reveals that the majority of healthcare vendors lack minimum security, and also highlights that healthcare organizations are failing to hold vendors accountable for meeting minimum acceptable standards or otherwise mitigate vendor-related security weaknesses.

The Vendor Intelligence Report is based on the analysis of security related practices for a sample of more than 150 vendors providing services to leading healthcare organizations from June 2013 to June 2014. According to the report, 8 percent of vendors scored in the “F” grade range, meaning there is a lack of confidence based on demonstrated weaknesses with their culture of security. In fact, only 4 percent of vendors scored in the “A” high confidence grade range; 16 percent scored in the “B” moderate confidence grade range; and 14 percent scored in the “C” indeterminate confidence grade range. Additionally, just 32 percent of vendors have security certifications such as FedRAMP, HITRUST, ISO 27001 and SSAE-16, the report found.

These new findings are critical to addressing the growing number of security incidents at companies attributed to partners and vendors—which increased from 20 percent in 2010 to 28 percent in 2012, according to a PricewaterhouseCoopers (PWC) report in November 2013. And a 2014 PWC report found that business partners fly under the security radar: only “44 percent of organizations have a process for evaluating third parties before launch of business operations” and only “31 percent include security provisions in contracts with external vendors and suppliers.”

“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” Cliff Baker, CEO, Corl Technologies, said in a statement. “When healthcare and industry organizations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive healthcare data.”

Read the source article at Press Release Services



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.