The continued risk that vendors pose to companies, including health care entities cannot be overemphasized. This week, Sentara Healthcare (Sentara) announced that one of its third-party vendors was the victim of a “cybersecurity incident” that compromised the names, dates of birth, Social Security numbers, procedure information, demographic information and medications of 5,454 patients who received vascular and thoracic procedures at its 12 hospitals in Virginia and North Carolina.

This is the third data breach that Sentara has experienced since 2012. The first occurred in 2012, when a laptop was stolen from a vendor’s employee’s car that included 56,000 patients’ information.

The second occurred in 2015, when letters were sent to 1,040 patients as a result of a theft of two portable hard drives from one of its electrophysiology labs.