{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T00:36:39Z","timestamp":1761870999719,"version":"build-2065373602"},"reference-count":8,"publisher":"Georg Thieme Verlag KG","issue":"05","license":[{"start":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T00:00:00Z","timestamp":1761782400000},"content-version":"vor","delay-in-days":29,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Appl Clin Inform"],"published-print":{"date-parts":[[2025,10]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Gather insights regarding the state of third-party access cybersecurity in healthcare delivery organizations (HDOs).<\/jats:p>\n                  <jats:p>An online multinational survey was deployed to eligible respondents to assess HDO third-party access, cybersecurity, and challenges.<\/jats:p>\n                  <jats:p>Of 209 respondents, only 51.1% reported having a comprehensive inventory of all third parties accessing their network. Sixty percent stated third-party access to sensitive\/confidential information was not routinely monitored, despite 19% having more than 40, and 31% having 21 to 40 third parties with network access. Reasons included lack of resources (48%) and centralized control over third-party relationships (36%), complexity (28%), and frequent third-party turnover (22%). Confidence in third-party ability to secure information and their reputations was cited. More than half (56%) reported a breach involving a third party in the last 12 months, and two-thirds anticipate breaches increasing in the next 12 to 24 months. Most agreed breaches are a cybersecurity priority, a resource drain, and their weakest attack surface. Slight majorities indicated high perceived effectiveness in mitigating, detecting, preventing, and controlling third-party access risks and security\/privacy regulatory compliance. Regarding existing solutions, roughly half (55%) ranked the effectiveness of vendor privileged access management (VPAM) and privileged access management (PAM; 49%) at \u2264 6 on a 10-point scale, respectively. Barriers to reducing access risks include lack of oversight\/governance (53%) and insufficient resources (45%). Of those monitoring third-party access, 53% do so manually. Breach consequences include loss\/theft of sensitive information (60%), regulatory fines (49%), severed relationships with third parties (47%), and loss of revenue (42%) and business partners (38%).<\/jats:p>\n                  <jats:p>HDOs recognize the increasing threat of third-party cyber breaches but are struggling to effectively address them. Lack of budget, expert resources, complexity, and third-party turnover are among the reasons why. Need exists for automated, cost-effective solutions to address the significant risks of third-party access with a consistent strategy that minimizes breach risk by securing remote access to privileged assets, accounts, and data.<\/jats:p>","DOI":"10.1055\/a-2713-5725","type":"journal-article","created":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T00:29:22Z","timestamp":1761870562000},"page":"1518-1530","source":"Crossref","is-referenced-by-count":0,"title":["Third-Party Access Cybersecurity Threats and Precautions: A Survey of Healthcare Delivery Organizations"],"prefix":"10.1055","volume":"16","author":[{"given":"George A.","family":"Gellert","sequence":"additional","affiliation":[{"name":"San Antonio, Texas, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Borgasano","sequence":"additional","affiliation":[{"name":"Imprivata Inc, Lexington, Massachusetts, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"Palermo","sequence":"additional","affiliation":[{"name":"Imprivata Inc, Lexington, Massachusetts, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabriel L.","family":"Gellert","sequence":"additional","affiliation":[{"name":"San Antonio, Texas, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean P.","family":"Kelly","sequence":"additional","affiliation":[{"name":"Imprivata Inc, Lexington, Massachusetts, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"194","published-online":{"date-parts":[[2025,10,30]]},"reference":[{"issue":"09","key":"ref3","first-page":"330","article-title":"The three Ps of third-party risk","volume":"3","author":"M Sangster","year":"2020","journal-title":"Cyber Security: A Peer-Reviewed Journal"},{"issue":"01","key":"ref4","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1186\/s12911-020-01161-7","article-title":"Cybersecurity of hospitals: discussing the challenges and working towards mitigating the risks","volume":"20","author":"S T Argaw","year":"2020","journal-title":"BMC Med Inform Decis Mak"},{"issue":"03","key":"ref14","doi-asserted-by":"crossref","first-page":"698","DOI":"10.1057\/s41288-022-00266-6","article-title":"Cyber risk and cybersecurity: a systematic review of data availability","volume":"47","author":"F Cremer","year":"2022","journal-title":"Geneva Pap Risk Insur Issues Pract"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"e46904","DOI":"10.2196\/46904","article-title":"Vulnerability to cyberattacks and sociotechnical solutions for health care systems: Systematic review","volume":"26","author":"P Ewoh","year":"2024","journal-title":"J Med Internet Res"},{"issue":"04","key":"ref19","doi-asserted-by":"crossref","first-page":"17","DOI":"10.61093\/hem.2023.4-02","article-title":"Healthcare cybersecurity and cybercrime supply chain risk management","volume":"4","author":"J Wright","year":"2023","journal-title":"Health Econo Manag Rev"},{"issue":"01","key":"ref20","first-page":"438","article-title":"Cybersecurity threats in healthcare it: challenges, risks, and mitigation strategies","volume":"6","author":"M J Rahim","year":"2024","journal-title":"J Artificial Intell General Sci"},{"issue":"05","key":"ref26","doi-asserted-by":"crossref","first-page":"921","DOI":"10.1055\/s-0044-1790551","article-title":"Design and implementation of tabletop cybersecurity simulation for health informatics graduate students","volume":"15","author":"E E Blanchard","year":"2024","journal-title":"Appl Clin Inform"},{"issue":"04","key":"ref27","doi-asserted-by":"crossref","first-page":"924","DOI":"10.1055\/s-0041-1735527","article-title":"Information security awareness and behaviors of health care professionals at public health care facilities","volume":"12","author":"D Alhuwail","year":"2021","journal-title":"Appl Clin Inform"}],"container-title":["Applied Clinical Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.thieme-connect.de\/products\/ejournals\/pdf\/10.1055\/a-2713-5725.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T00:29:24Z","timestamp":1761870564000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.thieme-connect.de\/DOI\/DOI?10.1055\/a-2713-5725"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10]]},"references-count":8,"journal-issue":{"issue":"05","published-online":{"date-parts":[[2025,10,17]]},"published-print":{"date-parts":[[2025,10]]}},"URL":"https:\/\/doi.org\/10.1055\/a-2713-5725","archive":["Portico","CLOCKSS"],"relation":{},"ISSN":["1869-0327"],"issn-type":[{"value":"1869-0327","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10]]}}}