A Worrying Trend in Third-Party Security Risk

Data Breach Casualties

Imagine receiving an email from your hospital or optometrist expecting to get a regular update on the appointment you made but instead, the email reveals that you are one of many victims of a data breach. Most consumers would like to believe that such an occurrence is abnormal, however us cyber security professionals know it happens much more than one would think. In fact, just this past week, an eye clinic located in Utah announced that about twenty thousand of their patients had been victims of a data breach that originated from the eye clinic’s own third-party service provider. The service provider, DemandForce, is a patient-scheduling service that the clinic had outsourced to send reminder emails to their patients. Center administrators note that information such as names, addresses, dates of births, and phone numbers “could have been accessed.” The eye clinic has continued to work with DemandForce in trying to better secure the system that was breached as well as reforming the internal policies of the third-party system. But the damage may have already been done for those affected by the data breach.

The Increase of Third-Party Security Risk 

Third-Party security risk has been a persistent thorn that has continued to affect numerous businesses more and more over the past years. Hackers have preyed on vendors for years but this has especially been the case in recent years. They are primarily targeting these vendors for third-party data breach rather than targeting the companies themselves. This is because these hackers have the potential to steal a multitude of companies’ data rather than just a single one. In fact one of the largest costing public breaches in recent history, the Target data breach, was caused by a third-party vendor. A report done by the Ponemon Institute notes that 61 percent of U.S. companies said that they experienced a data breach caused by one of their vendors or third parties, which is a 5 percent increase from the year prior. This statistic is even more significant when you consider the fact that about a fourth of the companies did not even know if they had a third-party breach or not in the past year. The prevalence of this risk combined with the lack of information from these businesses makes third-party security risk one of the most serious security hazards that a business may face.

How We Can Help

With a delicate issue such as this, both the vendors and the business itself are at risk. Breaches not only take a toll on businesses but may put vendors out of business. However, Tiro Security can help both parties by helping mitigate third-party security risks.  We will work with third-party providers to assess their vulnerabilities and help lower their potential risks. For more information on how we can be of assistance, call (424) 216-8476 or continue visiting our website for more information.

Posted in