Ponemon Institute and Censinet Find Third-Party Risk Costs the Healthcare Industry $23.7 Billion a Year
Research Identifies a Third-Party Risk Management Cost Multiplier of 10x Due to Hidden Costs Across an Organization; Cloud Applications and Medical Devices Drive Risks and Contribute to Average Data Breach Cost of $2.9 Million
Boston, MA – July 10, 2019 – The inability to adequately assess and understand the risks that vendors pose is becoming incredibly costly to healthcare providers, according to a new report released today by Censinet and the Ponemon Institute. According to the research, the yearly hidden cost of managing vendor risk is $3.8 million per healthcare provider, far surpassing the $2.9 million that each data breach costs providers. The cost across the healthcare industry is $23.7 billion per year. The research also indicates that 56 percent of healthcare organizations have experienced a data breach introduced by one or more third-party vendors in the last two years.
The report, “The Economic Impact of Third-Party Risk Management in Healthcare,” analyzes the results of a survey of 554 healthcare IT and security professionals who are involved in managing their organizations’ vendor risk management programs (VRMP). Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and Ed Gaudet, CEO and founder of Censinet, will discuss the research and vendor risk management best practices for healthcare providers during a webinar on July 25th, 2019 at 12PM ET.
The report found that 72 percent of respondents believe the increasing reliance upon third-party medical devices connected to the internet is risky, and 68 percent say moving to the cloud while connecting medical devices to the internet creates significant cyber risk exposure. Two out of three respondents believe that current manual risk management processes cannot keep pace with cyber threats and vulnerabilities, while 63 percent believe they cannot keep pace with the proliferation of digital applications and devices. Reliance on inefficient third-party vendor risk management processes and the inability to automate risk assessments and remediation has created an environment where third-party breaches are commonplace and expensive.
These inefficiencies and escalating breaches exist despite the number of resources – both known and hidden – that are involved in the vendor risk management process. The report states that the average healthcare provider has 3.21 dedicated full-time employees spending more than 500 hours per month completing vendor risk assessments. However, the research uncovered that there are significant, additional hidden costs – including the involvement of information security and risk staff, supply chain managers, clinicians, and line of business managers – which increase that number by 10x to 5,040 hours per month that healthcare providers spend managing third-party vendor risk. Even with this time and resource commitment, 60 percent of respondents still believe that time spent on vendor risk assessments takes resources away from other important tasks.
“This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management,” said Ed Gaudet, CEO and founder of Censinet. “The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect.”
Additional findings of the report include the following:
- Healthcare providers have an average of 1,320 vendors under contract, but just 27 percent said that they assess all vendors annually;
- Fifty-nine percent of respondents said that they believe senior executives in their organization can bypass the third-party assessment process in order to secure a lucrative business relationship, creating an enormous loophole for even the most effective vendor risk management programs;
- Eighty percent of healthcare providers believe that prioritization of vendor risks is very important – but only 36 percent believe their ability to do so is very effective;
- Only 40 percent of respondents say that they believe vendor assessments as they exist today are very valuable for the actionable insights they provide to the C-suite and board of directors;
- Only 21 percent of all vendor risk assessments result in a requirement to remediate prior to doing business with the healthcare provider while only 11 percent result in disqualification.
“It’s clear that healthcare providers are in a tough spot. The number of vendors they rely on is increasing at the same time the threats those vendors pose are escalating in frequency and severity, so it’s easy to see how managing these risks has become an overwhelming problem,” said Dr. Ponemon, chairman and founder of the Ponemon Institute. “But it’s not all bad news – we can very clearly see an opportunity with automation for healthcare providers to monitor, measure, and mitigate the scourge of third-party breaches that continues to plague their industry.”
The vast majority of respondents recognize the importance of automation, such as continuously updating changes to third-party risk (78 percent) and standardizing vendor assessment questionnaires (74 percent) – but only 38 percent are able to achieve automation of each capability. In fact, only one-third of respondents said that they are automating most of their vendor assessment programs, which means that the vast majority of healthcare providers continue to rely on manual, inefficient processes to mitigate third-party risk.
For more information or to download the full report please visit: https://go.censinet.com/ponemon-third-party-vendor-risk-management-research
To learn more about the survey data and best practices register for the live webinar to be presented by Dr. Larry Ponemon and Ed Gaudet on July 25th at 12PM ET: https://zoom.us/webinar/register/WN_a0S0hJdmQQCoySFyqGhc9g
About Censinet
Censinet provides the first and only third-party risk management platform built by and for healthcare providers to manage the threats to patient care that exist within an expanding ecosystem of vendors. With its unique Censinet One-click Assessment™ capabilities and Digital Vendor Catalog™, the Censinet Platform reduces the time to assess vendor risk from weeks to seconds, while automating inefficient workflows and providing continuous real-time insights into the changing risk profile of each vendor. Censinet is based in Boston, MA and can be found at https://censinet.com/
About the Ponemon Institute
Founded in 2002 by Dr. Larry Ponemon and Susan Jayson, Ponemon Institute conducts independent research on data protection and emerging information technologies. Our goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in regulations and the threat landscape that will affect the collection, management and safeguarding of information assets. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.
Ponemon Institute is the parent organization of the Responsible Management (RIM) Council. The RIM Council draws its name from the practice of Responsible Information Management, an ethics-based framework and long-term strategy for managing personal and sensitive employee, customer and business information. Members of the RIM Council represent a cross-section of Fortune 500 companies and are champions of privacy and data protection in their organizations.
Contact:
Dan Gaffney
fama PR for Censinet
(617) 986-5036
[email protected]
###
Posted 7.10.2019
Vocera CEO Brent D. Lang Accepted into Forbes Technology Council
Forbes Technology Council Is an Invitation-Only Community for World-Class CIOs, CTOs, and Technology Executives.
SAN JOSE, CA – July 10, 2019 – Vocera Communications, Inc. (NYSE:VCRA), a recognized leader in clinical communication and workflow solutions, today announced the company’s president and CEO, Brent D. Lang, has been accepted into Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives.
Lang was vetted and selected by a review committee based on the depth and diversity of his experience. Criteria for acceptance include a track record of successfully impacting business growth metrics, as well as personal and professional achievements and honors.
“We are honored to welcome Brent Lang into the community,” said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Technology Council. “Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world.”
As an accepted member of the Council, Lang has access to a variety of exclusive opportunities designed to help him reach peak professional influence. He will connect and collaborate with other respected local leaders in a private forum. Lang will also be invited to work with a professional editorial team to share his expert insights in original business articles on Forbes.com, and contribute to published Q&A panels alongside other experts.
Finally, Lang will benefit from exclusive access to vetted business service partners, membership-branded marketing collateral, and the high-touch support of the Forbes Councils member concierge team.
“I’m excited to be a member of the Forbes Technology Council, to learn from and build relationships with the other members, and to share my perspective on how healthcare technology can improve the lives of patients, families and care teams around the world,” Lang said.
About Forbes Councils
Forbes Councils is a collective of invitation-only communities created in partnership with Forbes and the expert community builders who founded Young Entrepreneur Council (YEC). In Forbes Councils, exceptional business owners and leaders come together with the people and resources that can help them thrive.
For more information about Forbes Technology Council, visit forbestechcouncil.com. To learn more about Forbes Councils, visit forbescouncils.com.
About Vocera
The mission of Vocera Communications, Inc. is to simplify and improve the lives of healthcare professionals and patients, while enabling hospitals to enhance quality of care and operational efficiency. In 2000, when the company was founded, we began to forever change the way care teams communicate. Today, Vocera offers the leading platform for improving clinical communication and workflow. More than 1,850 facilities worldwide, including nearly 1,600 hospitals and healthcare facilities, have selected our clinical communication and workflow solutions. Care team members use our solutions to communicate and collaborate with co-workers by securely texting or calling, and to be notified of important alerts and alarms. They can choose the right device for their role or task, including smartphones or our hands-free, wearable Vocera Smartbadge and Vocera Badge. Interoperability between the Vocera Platform and more than 140 clinical and operational systems helps reduce alarm fatigue; speed up staff response times; and improve patient care, safety, and experience. In addition to healthcare, Vocera is at home in luxury hotels, aged care facilities, nuclear power facilities, schools, libraries, retail stores, and more. Vocera solutions make a difference in any industry where workers are on the move and need to connect instantly with team members and access resources or information quickly. In 2017, Vocera made the list of Forbes 100 Most Trustworthy Companies in America. Learn more at http://www.vocera.com and follow @VoceraComm on Twitter.
Posted 7.10.2019
CHIME Survey Shows Uptick in CIO Salaries in 2018, with Women Pulling Ahead
ANN ARBOR, MI, July 10, 2019 – Chief information officers and other senior healthcare IT executives made on average a base salary of $235,806 in 2018, according to a survey of College of Healthcare Information Management Executives (CHIME) members. Women earned about $30,000 more than their male counterparts, and members with medical degrees commanded salaries well above the average.
“In many organizations, the CIO is a strategic partner who works across the healthcare system to improve health and care,” said D. Sheree McFarland, a member of the CHIME Board of Trustees and Division CIO of the West Florida Division of HCA Healthcare. “We are valued for our leadership skills and our ability to collaborate with everyone, from the CEO to clinicians to the finance department. As a member of Women of CHIME, it is rewarding to see that gender is not a barrier to equitable pay and that both our women and men members are recognized for their contributions.”
CHIME conducted the survey in late 2018, asking U.S.-based members to answer multiple choice questions that included demographics, job structure, organization type, base salary and benefits, job satisfaction and more. All responses were anonymous. A total of 266 CHIME members completed the survey, which represents about 11 percent of CHIME’s domestic membership.
In 2012, CHIME members participated in a similar survey. Overall, the 2018 survey showed an uptick in average base salaries, with most respondents satisfied or very satisfied with their total compensation and current job.
Among the key findings:
- The average base salary was $235,806 in 2018 vs. $208,417 in 2012.
- On average, women made $257,340 while men averaged $228,217.
- 18 percent of respondents reported that they received no increase to their salary for 2018.
- Almost 75 percent of respondents said that they were very satisfied or satisfied with their current jobs.
- Those who reported to be very satisfied with their total compensation had an average salary of $302,731 while those who said they were very unsatisfied had an average salary of $168,857.
- Some 6 percent of respondents reported having medical degrees and earned about 60 percent more than those with master’s degrees.
- Those who were at a facility with 1-25 beds reported an average salary of $136,183 while those at facilities with 400-699 beds had average salaries of $299,302.
For purposes of the survey, base salary was defined as what respondents are paid on an annual basis, before deductions for taxes, health and other types of insurance, other employment-related deductions and retirement fund contributions. Base salary also excludes any form of bonus payments received, which often represents a significant component of executive compensation. Over 95 percent of respondents said that they receive paid time off and health benefits and 70 percent received bonus payments.
The full report is available on the CHIME website here.
About CHIME
The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs) and other senior healthcare IT leaders. With more than 2,900 members in 55 countries and over 150 healthcare IT business partners and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and care in the communities they serve. For more information, please visit chimecentral.org.
Contact
Candace Stuart
Director of Communications and Public Relations, CHIME
734.665.0000
Posted 7.10.2019
CynergisTek Supports Multiple Educational Programs to Address the Future of the Cybersecurity Profession
Leading Firm Endorses Innovative Programs That Provide Cybersecurity Training and Professional Development
Austin, TX, July 09, 2019 – CynergisTek, Inc., (NYSE AMERICAN: CTEK), a leader in healthcare cybersecurity, privacy, and compliance, today announced its support for two innovative programs that provide cybersecurity education and training to help groom a future workforce of cybersecurity professionals. Programs of this nature provide the resources needed to address the future shortage of well-trained and educated professionals interested in this field.
Currently, there is a critical shortage of cybersecurity expertise and it is expected to grow to 1.8 million unfilled cybersecurity positions globally by 2022. At the same time, there are not enough individuals seeking degrees or careers in STEM (science, technology, engineering, and mathematics) and cybersecurity to keep up with growing demand. The Air Force Association is determined to change that through its CyberPatriot Program which works with K-12 students to inspire them to pursue careers in cybersecurity and other STEM disciplines. As part of the program, the organization holds an annual National Youth Cyber Defense Competition where students are put in charge of securing virtual networks. An amazing 88% of CyberPatriot participants have matriculated into STEM degree programs in college. CynergisTek is proud to be a CyberPartner of the CyberPatriot Program.
Additionally, CynergisTek announced that it endorses the Leadership in Healthcare Privacy and Security Risk Management Professional Certificate Program offered through The University of Texas at Austin, McCombs School of Business. This is a unique certificate program that is designed to help close the gap of cybersecurity workforce shortages by educating a variety of students and working professionals in other fields who are looking for a career path in healthcare. To further support the program, CynergisTek executives Mac McMillan and Clyde Hewitt were heavily involved in the development of the curriculum and will provide some presentations and lectures for the inaugural program, including an overview of healthcare cybersecurity, third-party risk management, medical device management, and more.
“It’s been said that cybersecurity is the key issue of our time, and cybercrime the biggest risk to businesses. There can’t be a more important educational priority than teaching the next generation, who will most certainly have a smart device for virtually everything they do, about cybersecurity,” said Mac McMillan, CEO of CynergisTek. “Programs like The University of Texas at Austin course and the CyberPatriot Program that focus on teaching cybersecurity and creating a more intelligent workforce for the future are where it’s at. If we ever hope to overcome the shortage of cybersecurity talent, we will need more programs like these. I’m convinced that education is the key and I’m proud of what we do here at CynergisTek to support these initiatives.”
About CynergisTek, Inc.
CynergisTek is a top-ranked cybersecurity firm dedicated to serving the information assurance needs of the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations. The company has been named in numerous research reports as one of the top firms that provider organizations turn to for privacy and security and won the 2017 Best in KLAS award for Cyber Security Advisory Services.
Forward-Looking Statements
This release contains certain forward-looking statements relating to the business of CynergisTek that can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “may” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including uncertainties relating to product/service development, long and uncertain sales cycles, the ability to obtain or maintain patent or other proprietary intellectual property protection, market acceptance, future capital requirements, competition from other providers, the ability of our vendors to continue supplying the company with equipment, parts, supplies and services at comparable terms and prices and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in our Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.
###
Investor Relations Contact:
CynergisTek, Inc.
Bryan Flynn
(512) 402-8550 x8
[email protected]
Media Contact:
Aria Marketing
Danielle Johns
(617) 332-9999 x241
[email protected]
Posted 7.9.2019
Avaap Acquires Navigator Management Partners Creating A Cross-Platform, Industry-Specialized Global IT Advisory And Management Consulting Powerhouse
EDISON, NJ – July 8, 2019 – Avaap, an industry-focused advisory services and IT management consulting firm, today announced its acquisition of Navigator Management Partners, a cross-platform management and technology consulting firm specializing in ERP systems, business intelligence (BI), and change management. The acquisition expands Avaap’s capabilities from an Infor-only consulting organization to a best-in-class cross-platform technology advisory and management consulting firm for organizations in healthcare, retail, higher education, non-profit, government, manufacturing, and other commercial industries.
Navigator is based in Columbus, OH. Since its founding nearly two decades ago, Navigator has realized unparalleled success in client realization of return on investment and business benefit when implementing large IT projects, process improvements, or organizational change management support.
Avaap, which has more than 200 customers in 35 countries, is now positioned to serve a broader sector of the market and cater to businesses across all industries seeking to leverage enterprise technology to drive business transformation. Among the major market drivers, including ongoing pressure to improve efficiency and cut costs, increased merger and acquisition activity, and lack of skilled IT professionals, especially with BI and change management capabilities, Avaap is able to provide highly specialized industry expertise across the major enterprise applications to help customers optimize IT ecosystems, cut costs, and improve workflows. Avaap’s mission of building deep industry expertise is further strengthened with this acquisition.
“The acquisition of Navigator is a landmark step in Avaap’s strategic development,” said Dhiraj Shah, president and CEO, Avaap. “Digital transformation, migration to the cloud, and other industry disruptors are increasing the need for customers to seek an experienced partner that understands their business, not just the technology. Our focus is to have the leading market share in the industries we serve by providing superior end-to-end capabilities. This acquisition, along with the continued support from our capital partner NMS Capital, and the new partnerships we inherit, allow us to support our growth goals and extend that commitment to our largest assets; our customers and employee citizens.”
Navigator CEO David Schoettmer added, “We are two growing and profitable companies, both passionate about our shared vision and values. Joining together puts us in a stronger position to build for the future faster and better than before, combining a massive breadth of experienced resources across multiple ERP platforms, as well as BI and change management expertise. The acquisition will allow our existing and new customers to have access to some of the best people and technologies available to address their critical missions and our employees will benefit from greatly expanded growth opportunities as part of the new company. We see strong opportunities for growth and the combined organization will enable us to have the team and resources to do so.”
###
About Avaap
Avaap is an industry-focused advisory services and IT management consulting firm. Headquartered in Edison, N.J. with global offices and customers around the world, Avaap has deep expertise in healthcare, retail, fashion, manufacturing and distribution, and other industries. Avaap has earned numerous industry accolades, including being named on Computerworld’s list of 100 Best Places to Work in IT since 2014; recipient of Infor’s Alliance Partner of the Year award since 2014 as well as winner of several other Infor partner awards; KLAS 2017 Category Leader for Revenue Cycle Optimization; five year honoree on the Inc. 500, recipient of NJBIZ 50 Fastest Growing Companies since 2015, and multi-year recipient of Becker’s Healthcare and Modern Healthcare’s Top Places to Work awards. Avaap’s culture is powered by passionate people who are relentless in driving customer satisfaction. To learn more, visit www.avaap.com.
About Navigator Management Partners
Navigator Management Partners, located in Columbus, OH, is a cross-platform management and IT consulting firm specializing in ERP system implementations with heavy focus on business intelligence and analytics, business analysis and process optimization, IT strategy, and organizational change management. Navigator has received dozens of industry awards acknowledging its status as a rapidly growing company, a best place to work, and an active participant in corporate philanthropy. Founded in 2001, Navigator maintains strategic partnerships with market-leading cloud applications, specializing in Workday, Prosci®, and others. Visit navmp.com to learn more.
Posted 7.8.2019