For instance, investigators are learning that the gigantic breach at the Office of Personnel Management this summer may have been the result of two previous hacks experienced by its subcontractors.

In the healthcare field, almost one in four organizations reporting data breaches are service providers.

According to the HIPAA Omnibus Final Rule, healthcare providers and their business associates are equally responsible for protecting health information, but covered entities (hospitals, health plans, providers, etc.) are still responsible for ensuring the notification of patients whose records have been compromised - and that can be costly.

There are some practical ways for organizations - not just those in healthcare - to improve data security efforts by service providers.

Read Full Article