Third-Party Risk Management in Healthcare 2026
An Initial Look at the State of the Market
Healthcare organizations depend on many vendors for software, devices, services, and infrastructure, but those vendors’ offerings can introduce security risks. In a 2025 study published by KLAS and EY, 74% of healthcare organizations reported having been impacted by a third-party breach in the previous 24 months, underscoring the urgency of this issue. To combat these types of breaches, healthcare organizations use third-party risk management (TPRM), the practice of ensuring the risks associated with external partners don’t compromise patient care, data security, or operational resilience. For this report, KLAS interviewed 44 organizations (including payers, health systems, standalone clinics and hospitals, an ACO, and an MSO) about how they manage third-party risk, the challenges they face, which TPRM vendors support their efforts, and what they believe needs to change in the market.
Writer
Sarah Brown
Designer
Kath Spencer
Project Manager
Amanda Wind
This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2026 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.