
Hackers having direct access to patient electronic protected information via EHR attacks also can result in a variety of potential harms to the affected patients, said Steven Adler, a partner at consulting firm The Edmund Group and a former risk management executive at health insurer Humana.
"From a broader risk perspective, EHR exfiltration events can lead to the resale of patient data for false claim submissions and other nefarious activities, which continue to drive up healthcare costs," he said.
"Key risk drivers that create such delays include the use of unreported stolen credentials, an overemphasis on data loss prevention defenses instead of behavior monitoring, and alert fatigue by cybersecurity teams," said Steven Adler, partner at consulting firm The Edmund Group and a former risk management executive at health insurer Humana.
"As a result, hackers who take a 'low and slow strategy' in data exfiltration are less likely to be detected," he said.
Depending on the volume of protected information involved and details of the exfiltration, the work involved in breach investigation can be significant, he said.
That includes analysis of distributed data assets, conducting both federal and state risk of harms to understand regulatory obligations and requirements for notification, identifying customers affected, and developing both internal and external communications, he said.
"The challenge here is in the healthcare sector, whether across payer, provider or supplier, it's very common to have patient protected information shared across covered entities and business associates, and even downstream to fourth parties," said Steven Adler, partner at consulting firm The Edmund Group and a former risk management executive at health insurer Humana. "This is a real risk as a result of three key drivers," he said.
Healthcare organizations face mounting third-party risks driven by data distribution, complex vendor networks and global uncertainty. Data often resides across multiple entities - offshore, onshore or with fourth parties, raising compliance challenges under HIPAA and new federal security regulations, said Steven Adler, partner at The Edmund Group.
Supply Chain Management Review - As organizations across industries continue to outsource with product and service providers, there are increasing contractual obligations, regulatory requirements, and financial and reputation risks the customer (i.e., your organization) has in managing these expectations. Embedded within your supply chain management (SCM) value chain are risk management activities to ensure the appropriate governance of your supplier portfolio, whether focused on performance, the exchange of protected information, or geomonitoring of events.
One of the key aspects of a third-party risk management program is to have business intelligence to understand how a vendor or prospective vendor is behaving outside in the marketplace, said Steven Adler, partner at The Edmund Group and former director of enterprise third-party risk management at health insurer Humana.
Indeed, one fundamental mistake many healthcare organizations make is assuming all suppliers in their portfolio bear the same level of risk, resulting in spending unnecessary time, money and effort managing "low-risk suppliers," said Steven Adler, partner at risk mitigation consulting firm The Edmund Group, and former director of enterprise third-party risk management at health insurer Humana.
Some experts say the difficulty in accurately counting the number of people affected in large vendor health data breaches is a persistent struggle for many companies, often due to the long list of clients and their own individual customers.
"This is a significant risk across the healthcare sector with payers, providers, suppliers and research entities," said Steven Adler, partner at consulting firm The Edmund Group and risk management executive at health insurer Humana.
While times are changing, Steven Adler, a partner with risk management advisory firm The Edmund Group, notes that “supplier risk intelligence provides early warning of disruptions like cyber breaches, litigation or M&A.” In a recent Supply Chain Management Review article, Adler noted that supplier risks matter just as much as internal ones. That line of thinking is the launching pad for a more strategic approach, he argued.
Risk & Compliance Journal - A supplier risk tiering model should be simple and practical, underpinned by "key risk components" that can help organizations to (i) collect, store, process and maintain sensitive data, including protected health information (PHI) and personal information identifiers (PII); (ii) strategically support critical functions, such as call centers; and (iii) leverage critical fourth parties to support their operations.

The Edmund Group is excited to launch Global Risk Intelligence, a proprietary platform continuously scanning top global risks across 12 critical vectors providing our clients with real-time insights to support their business decisions.