Alarmed by the number of healthcare breaches that have come through third-party vendors, as well as by the high cost the breaches extract from healthcare companies, the industry will expand the use of the CSF Assurance program to business associates, the Health Information Trust Alliance (HITRUST) said Monday.

Many healthcare companies will require their business associates to get CSF Certification over the next 24 months, according to a HITRUST release. The program offers a way for healthcare organizations to evaluate and demonstrate their information privacy and security chops.

Acknowledging that the interconnectedness of companies within the healthcare industry poses systemic risk, Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group are among the companies that will now require third-party businesses to undergo similar rigors to obtain CSF Certification.