Of 450 breaches investigated in 2013, 63% involved a third party, says Evantix. Hartford Hospital shared a $90K HIPAA-related fine with tech giant EMC, because of their failure to safeguard customer data on laptops. As breaches get more frequent, it is probable that fines will increase as well, especially with a growing body of regulators paying close attention to security problems. The risks posed by a small vendor cannot be ignored, even if the exposure is also small. Despite their small footprint, the risk is real, despite their small footprints.”]
Source: https://www.csoonline.com/article/3110006/outside-vendors-your-weakest-link.html