As many as 80% of CIOs and CISOs polled for a new report say they’ve experienced a breach originating with a third-party vendor in the past year, while another survey shows 44% of hospitals and health systems fail to meet basic NIST CSF protocols.

Four out of five organizations surveyed for a report released Wednesday have experienced a cybersecurity breach precipitated by a third-party vendor over the past 12 months, according to chief information officers, chief information security officers and other C-suite leaders polled.

What’s more, the report, from cyber services firm BlueVoyant, found that of the 1,500-plus security pros polled – at organizations of all types in the U.S. and abroad, including healthcare and pharma – the average respondent said their organization had been breached thanks to a vendor partner’s own vulnerabilities more than 2.5 times.

Offering a peek at the third-party cybersecurity risk management posture of healthcare organizations, the study suggests that the challenges and vulnerabilities in healthcare organizations’ partner ecosystems have improved little in the years that Healthcare IT News has been reporting on how networks of outside vendors pose particular risks to health system security.