Hospitals are paying for not vetting their vendors

More than half of hospitals say they've had one or more data breaches caused by third-party vendors in the past two years, with an average cost of $2.9 million per incident – but too many are still failing to do adequate risk assessments.