CynergisTek Reports Supply Chain Risks Continue Driving Demand for Vendor Security Management Services

November 11, 2021 CynergisTek, Inc.

Nationally recognized children’s hospital adds another managed service contract with CynergisTek to assess vendor risk

AUSTIN, TX (November 11, 2021) – CynergisTek (NYSE American: CTEK), a leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, announces a one-year Vendor Security Management service agreement with a nationally recognized children’s hospital with multiple locations.  

The healthcare industry relies on third-party vendors to deliver a wide range of goods and services from cleaning services to cloud storage, Software-as-a-Service (SaaS) providers, and consultants. To provide fundamental support for patient care delivery, many of these vendors, also known as Business Associates, have access to an organization’s network through API connections or share critical information including Protected Health Information (PHI). Ransomware hackers either take down a third-party, causing a domino effect, or use a third-party to gain access to a Covered Entity’s (providers, health plans, and clearinghouses) environment.

According to reports, 44% of health care organizations have experienced a data breach caused by a third party and the healthcare industry lags behind in securing their supply chain risks as it relates to conformance with the NIST Cybersecurity Framework. “Even though this data is concerning, our long-standing Resilience Partner Program clients are already above the average when it comes to maturing their supply chain risk management program, and a number of them are turning to our Vendor Security Management (VSM) team for support because we take the laborious day-to-day vendor security oversight off their hands,” said Andrew Mahler, Director of Privacy, Compliance, and Managed Services.

Key components of a supply chain risk management program include understanding which vendors have access to PHI and or the network, doing pre-procurement homework to determine the Business Associate’s privacy and security measures are in place, and validating these protocols through conducting on-going risk assessments.  CynergisTek provides varying levels of support through its Vendor Security Management service depending on the needs of the Covered Entity. “The demand for our VSM service stems from the rapid advancement in digital health, privacy regulations, and the ransomware attacks that can be fatal to healthcare operations. Ensuring vendors have security best practices in place is only one line of defense in the game of preventing incidents and building resilience,” said Mac McMillan, CEO and President at CynergisTek. He goes onto say, “I look back to when we started our cybersecurity practice, and our mission has remained constant – to be a true partner to our healthcare clients by helping them identify risk and reinforce their defenses to withstand attacks – and through our VSM service our clients find value in knowing their third-party vendors are adhering to the stringent security standards they hold themselves to.”

About CynergisTek, Inc.

CynergisTek (, is a top-ranked cybersecurity consulting firm helping organizations in highly-regulated industries, including those in healthcare, government, and finance navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company's security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations. For more information, visit or follow us on Twitter or Linkedin.

Cautionary Note Regarding Forward Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek, Inc.. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “would,” “could,” “intends,” “may,” “will,” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including but not limited to uncertainties relating to product/services development; long and uncertain sales cycles; the ability to obtain or maintain proprietary intellectual property protection; future capital requirements; competition from other providers; the ability of the Company’s vendors to continue supplying the Company with supplies and services at comparable terms and prices; the Company’s ability to successfully compete and introduce enhancements and new features that achieve market acceptance and that keep pace with technological developments; the Company’s ability to maintain its brand and reputation and retain or replace its significant customers; cybersecurity risks and risks of damage and interruptions of information technology systems; the Company’s ability to retain key members of management and successfully integrate new executives; the Company’s ability to complete acquisitions, strategic investments, entry into new lines of business, divestitures, mergers or other transactions on acceptable terms, or at all; potential risks and uncertainties relating to the existing and ultimate impact of COVID-19, including the geographic spread, the severity of the virus, the duration of the COVID-19 outbreak, actions that may be taken by governmental authorities to contain the COVID-19 outbreak or to treat its impact, and the potential negative impacts of COVID-19 on the global economy and financial markets, and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected.   Certain of these risks and uncertainties are or will be described in greater detail in the Company’s Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at  Given the risks and uncertainties, readers should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Many of the risks listed above have been, and may further be, exacerbated by the COVID-19 pandemic, including its impact on the healthcare industry. Actual results could differ materially from those anticipated in the forward-looking statements and from historical results, due to the risks and uncertainties described herein, as well as others not now anticipated. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.


CynergisTek Investor Relations Contact:

CynergisTek, Inc.
Bryan Flynn
(512) 402-8550 x8

CynergisTek Media Contact:

Allison + Partners
Jaime Tero

About the Author

CynergisTek, Inc.

CynergisTek is a top-ranked cybersecurity consulting firm dedicated to serving the information assurance needs of healthcare. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. The company has been recognized by KLAS in the 2016 and 2018 Cybersecurity reports as a top performing firm in healthcare cybersecurity, as well as the 2017 Best in KLAS winner for Cybersecurity Advisory Services.

Follow on Twitter Follow on Linkedin Visit Website More Content by CynergisTek, Inc.
Previous Article
 CynergisTek Announces Northeast Health System Expands Relationship with Addition of Medical Device Security Services
CynergisTek Announces Northeast Health System Expands Relationship with Addition of Medical Device Security Services

CynergisTek announces a six-figure expansion contract with a large multi-site health system to conduct medi...

Next Article
CynergisTek To Attend 12th Annual Craig-Hallum Alpha Select Conference
CynergisTek To Attend 12th Annual Craig-Hallum Alpha Select Conference

CynergisTek announced that it will be attending the 12th Annual Craig-Hallum Alpha Select Conference on Nov...