BLOG POST: SEC, Investors Demand Security from Vendors

Data security is no longer a topic that vendors with healthcare clients can avoid.  Investor advocates are bringing cybersecurity data risk to the forefront in company disclosure requirements.  The New York State Comptroller has filed a complaint with the SEC asking Express Scripts to release details regarding the business’ data security measures, particularly with ePHI.   Read more about the dispute with Express Scripts and the NY State Comptroller.

As the investor community wakes up to the financial risks associated with lax cybersecurity policies, more vendors will see the value in proactive response to risk assessments and transparency to their customers.  This adds increased incentive to vendors to collaborate and work with their healthcare and health plan clients to better secure ePHI.

Express Scripts, thought to have the largest database of prescription information in the U.S., carries significant financial risk if a large-scale data breach occurs.  The NY Comptroller compares the scope to the 2017 Equifax data breach in which more than half of the U.S. population may have had their data compromised. 

Takeaway: Vendors seeking to provide more assurance to the investor community can invest in security certifications and invest dollars into building a more mature security program. With a stronger vendor security posture, companies can leverage these investments as a competitive differentiator.  To learn more about Vendor Security Risk Management programs, contact our CORL Technologies team