There many lessons to be learned from a recent healthcare vendor (3rd-party) breach at the American Medical Collection Agency (AMCA) and involving Quest Diagnostics (Quest) and LabCorp laboratory services companies: https://www.cnbc.com/2019/06/03/quest-diagnostics-says-nearly-12-million-patients-may-have-had-data-breached.html https://www.washingtonpost.com/business/2019/06/05/labcorp-discloses-data-breach-affecting-million-customers Do your own due diligence on any 3rd-part