Third-party vendor risk management is not a theoretical exercise; it is a real and pressing concern. As of January 2025, UnitedHealth Group (the parent of Change Healthcare) estimated the total financial impact of the 2024 Change Healthcare breach at $3.09 billion, a figure that includes response and recovery costs, business disruption, advance funding loans to providers, and a reported $22 million ransom payment.
You can reduce this exposure for your healthcare organization by adopting an established vendor risk management framework and building your own risk-management program on top of it.
Top four risks with third-party vendors
There are four main areas of potential risk when you work with third-party vendors. Each is a significant risk not only for your organization but also for your patients.
Cybersecurity risk
Guard against data breaches or leaks caused by inadequate security policies and controls on the third party's side, since the vendor's weaknesses become your exposure once it handles your data or connects to your systems.
Compliance risk
A third party that fails to meet the required standards and regulations can damage your business's reputation or legal standing. Merely being associated with a non-compliant third party can also put your own organization out of compliance with applicable policies or standards.
Financial risk
Weigh the probability that a third party will be unable to meet its obligations, or will otherwise jeopardize your organization's financial stability.
Operational risk
Third parties can introduce unforeseen disruptions to the processes and services your organization depends on, including outages of the systems they operate on your behalf.
What this means for the healthcare industry
The U.S. Department of Justice's revised Evaluation of Corporate Compliance Programs guidance assesses how effective a corporation's oversight of third-party vendors is, based on criteria including:
- Third-party risk assessment

