CORL Study: Only 26% of Health Industry Business Associates Have Security Certification

CORL Technologies analyzed the certification status of 1,000 vendors from the company’s database of nearly 30,000 health industry business associates and found that just 26 percent of BAs hold a security certification.

CORL said Tuesday its analysis also showed that 74 percent of health industry businesses lack security certifications related to health IT.

“Without the proper security certifications in place, a security breach experienced by only one business associate or its subcontractors could result in a damaged reputation, substantial regulatory penalties and breach remediation costs in the millions of dollars,” said CORL CEO Cliff Baker.

“Hospitals, health systems, payers and other providers must implement risk assessment and management strategies for their BAs to mitigate and defend against future breach attacks,” Baker added.

Sixty percent of surveyed vendors do not have a dedicated security leader; more than 50 percent of a health system’s vendors are small businesses; and five percent of small businesses possess security certification.

Companies that serve other industries, such as Microsoft, Oracle, IBM and Google, have multiple certifications, including ISO, SOC 2 and the General Services Administration’s Federal Risk and Authorization Management Program, CORL found.

Baker called on healthcare companies to take on a regulatory responsibility to address risks facing personal health information that vendors and subcontractors create, receive, maintain or transmit.
