Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Health3PT: Healthcare Security Leaders Rethink Third-Party Risk Management

3 min read
Featured Image

Third-party risk management (TPRM) remains one of the top security challenges for healthcare organizations. In 2022, the U.S. Department of Health and Human Services (HHS) received healthcare data breach reports from 590 organizations. The reported data breaches impacted over 48 million people.

And a recent report by HealthITSecurity found that the majority of the ten largest data breaches occurred at third-party vendors with access to protected health information. Three of the ten breaches were caused by third-party tracking pixels that inadvertently sent sensitive information to tech companies, like Meta.

For many healthcare organizations, dealing with third-party risks is difficult and inefficient. Vendors evaluate risks differently, often manually, resulting in blind spots, and there is limited follow up on identified risks. Complacency about continuous monitoring is commonplace, as is having no assurance program to ensure adequate security controls are in place. 

There is an especially high risk of a breach occurring in smaller organizations with fewer resources. A recent survey conducted by the Ponemon Institute on behalf of the Healthcare and Public Health Sector Coordinating Councils (HSCC)  found significant differences in capability and budget between large and small healthcare organizations when it comes to managing and reducing supply chain risks. However, organizations of all sizes reported that they have difficulty managing supply chain risks.

What Is Health3PT? 

In response to growing cybersecurity threats, over 20 leading healthcare organizations, including UPMC, Centura Health, Memorial Sloan Kettering Cancer Center, Highmark Health, Tufts Medicine, Humana, and Walgreens, are collaborating to address ongoing third-party risk management challenges. Together, they formed Health 3rd Party Trust Initiative and Council (Health3PT).

On January 11, 2022, Health3PT announced its commitment to providing credible assurance models, creating standards, and automating workflows across the healthcare ecosystem. As a first step in their collaboration, Health3PT plans to create a series of common practices for managing vendor risk.

healthcare security leaders rethink third-party risk management

HITRUST Requirement for Third-Party Vendors

Health3PT member organizations will require all third-party vendors to become HITRUST certified. HITRUST is a security framework designed to help healthcare organizations comply with regulations and standards. Requiring HITRUST certification from vendors allows companies to collect and maintain information privacy and security assurances from third parties using a uniform, standardized approach. HITRUST certification will allow vendors to devote more time and resources to security measures instead of responding to hundreds of proprietary questionnaires.

Health3PT member Omar Sangurima, Principal Technical Program Manager of the governance, risk, and program management for Memorial Sloan Kettering Cancer Center, stated in an interview with SC Media, “while HITRUST may not be ideal for all provider entities, Health3PT aims to use a "nutrition label" model as a way to provide smaller entities with assurance that certain vendors, tools, or service providers are leveraging best practice security measures.”

Health3PT member, Omar Khawaja, Highmark Health CISO explained, “Leveraging market forces helps not only the ‘have-nots,’ it turns out that's the only way to help the ‘have's’ as well. The "nutritional label" is accessible to everyone, and is scalable, actionable, and understandable. When someone is looking to avoid certain ingredients, they check the label without needing to understand every aspect."

Health3PT’s Goal in Third-Party Risk Management 

The members of Health3PT view the third-party risk management issue as an ecosystem issue rather than an issue facing an individual organization or enterprise. By sharing their knowledge and resources, creating standards, and building a solid framework, larger organizations hope to support smaller organizations, and create an ecosystem solution to help close the gaps in TPRM. 

The goal of Health3PT is to create third-party risk management solutions that work for both organizations and third-party vendors.

Health3PT is actively seeking participation from all healthcare organizations. In Q1 2023, the Health3PT will publish its first deliverable: research on third-party risk metrics. Additionally, the Health3PT will host industry-wide events in 2023, including a summit for vendors, third-party risk management stakeholders, and assessors.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo