The recent health data breach linked to MediSecure has spotlighted the urgent necessity for enhanced third-party risk management practices in contemporary organisational settings. This breach, traced back to a third-party vendor, occurred just a week after the Australian Privacy Commissioner highlighted third-party vulnerabilities as a significant weak spot for organisations. More than a million Australians had their data compromised through various clubs in NSW and ACT.
The findings align with a recent report by the Office of the Australian Information Commissioner (OAIC), indicating a growing trend of data breaches stemming from third parties. Over the past six months, there have been 483 notifications of direct data breaches and 121 secondary breaches originating from third parties.
David Vohradsky, Cyber Security Practice Lead at Avocado Consulting, emphasises the need for organisations to reassess and enhance their procurement processes to mitigate such risks. He points out that procurement processes must factor in IT and security issues from the outset. In many cases, IT departments are excluded from business purchase decisions, leading to delayed risk management…
