About The Edmund Group
Our Mission
Our Expertise
Our Expertise
At The Edmund Group, our mission is to provide ethical and expert Business Advisory services focused on Third Party Risk Management (TPRM) in the Healthcare sector. We achieve this through engaged partnerships, driving clarity, accountability, and results for our clients.
Our Expertise
Our Expertise
Our Expertise
The Edmund Group provides expert Business Advisory services focused on across program design, optimization, and execution. We leverage our extensive regulatory knowledge and operational experience, along with an engaged partnership model, to assist your organization in identifying, managing, and mitigating risks associated with their suppliers effectively.
Our Approach
Our Expertise
Our Approach
The Edmund Group takes an agile, client-first approach to Business Advisory—adapting our engagement model to your needs while delivering disciplined, risk-focused advisory services in Healthcare and Third Party Risk Management (TPRM) that support timely and effective decision-making.
Client Services
TPRM Program Design & Optimization
Regulatory Remediation & Response Support
TPRM Program Design & Optimization
We design and optimize Third-Party Risk Management programs that are risk-based, scalable, and aligned with regulatory expectations and business objectives. Our approach balances governance, process, and technology considerations to create programs that are effective in practice—not just on paper.processes, and increase profitability.
Supplier Assessments
Regulatory Remediation & Response Support
TPRM Program Design & Optimization
We assess your current TPRM environment to identify gaps, inefficiencies, and areas of elevated risk. Our assessments focus on the risks and controls most relevant to your organization—providing prioritized view of where to focus attention and investment to strengthen oversight and compliance.
Regulatory Remediation & Response Support
Regulatory Remediation & Response Support
Regulatory Remediation & Response Support
We partner with urgency to support regulatory remediation efforts, exam responses, and ongoing compliance initiatives. Leveraging deep experience in highly regulated healthcare environments, we help clients navigate complex regulatory expectations while driving clear, defensible outcomes.your sales goals.
Litigation Support & Risk Advisory
Fractional & Virtual TPRM (vTPRM) Engagement
Regulatory Remediation & Response Support
We provide subject-matter expertise and risk advisory support to assist with litigation strategy and response. Our experience enables us to translate complex third-party risk concepts into clear, credible insights that support legal teams and executive stakeholders.
Fractional & Virtual TPRM (vTPRM) Engagement
Fractional & Virtual TPRM (vTPRM) Engagement
Fractional & Virtual TPRM (vTPRM) Engagement
We offer flexible fractional and virtual TPRM leadership to support organizations that need experienced oversight without full-time staffing. Whether stabilizing a program, leading transformation efforts, or providing ongoing operational leadership, we integrate seamlessly with your team to deliver immediate impact.
Flexible Engagement Models
Fractional & Virtual TPRM (vTPRM) Engagement
Fractional & Virtual TPRM (vTPRM) Engagement
Our services are delivered through adaptable engagement models designed to meet your needs—ranging from short-term advisory support to deep-dive assessments and fully outsourced TPRM operations. This flexibility ensures the right level of support at the right time.
The Edmund Group in the News
Trizetto Notifying 3.4M of 2024 Hack Detected in 2025
"Key risk drivers that create such delays include the use of unreported stolen credentials, and overemphasis on data loss prevention defenses instead of behavior monitoring, and alert fatigue by cybersecurity teams," said Steven Adler, partner at consulting firm The Edmund Group and a former risk management executive at health insurer Humana.
"As a result, hackers who take a 'low and slow strategy' in data exfiltration are less likely to be detected," he said.
Depending on the volume of protected information involved and details of the exfiltration, the work involved in breach investigation can be significant, he said.
That includes of analysis of distributed data assets, conducting both federal and state risk of harms to understand regulatory obligations and requirements for notification, identifying customers affected and developing both internal and external communications, he said.
Investigating Conduent, BCBS Texas in Hack
"The challenge here is in the healthcare sector, whether across payer, provider or supplier, it's very common to have patient protected information shared across covered entities and business associates, and even downstream to fourth parties," said Steven Adler, partner at consulting firm The Edmund Group and a former risk management executive at health insurer Humana. "This is a real risk as a result of three key drivers," he said..
Stronger Oversight Needed as Healthcare Risks Multiply
Healthcare organizations face mounting third-party risks driven by data distribution, complex vendor networks and global uncertainty. Data often resides across multiple entities - offshore, onshore or with fourth parties, raising compliance challenges under HIPAA and new federal security regulations, said Steven Adler, partner at The Edmund Group.
Optimizing supplier oversight with risk intelligence
Supply Chain Management Review - As organizations across industries continue to outsource with product and service providers there are increasing contractual obligations, regulatory requirements, financial and reputation risks the customer (i.e., your organization) has in managing these expectations. Embedded within your supply chain management (SCM) value chain are risk management activities to ensure the appropriate governance of your supplier portfolio, whether focused on performance, the exchange of protected information, or geomonitoring of events.
Planning for Cyber Chaos: Healthcare's Resilience Test
One of the key aspects of a third-party risk management program is to have business intelligence to understand how a vendor or prospective vendor is behaving outside in the marketplace, said Steven Adler, partner at The Edmund Group and former director of enterprise third-party risk management at health insurer Humana
Free Healthcare 'Toolkit' Ranks and Maps Third-Party Risk
Indeed, one fundamental mistake many healthcare organizations make is assuming all suppliers in their portfolio bear the same level of risk, resulting in spending unnecessary time, money and effort managing "low-risk suppliers," said Steven Adler, partner at risk mitigation consulting firm The Edmund Group, and former director of enterprise third-party risk management at health insurer Humana.
Conduent Hack Victim Count Soars by at Least 50%
Some experts say the difficulty in accurately counting the number of people affected in large vendor health data breaches is a persistent struggle for many companies, often due to the long list of clients and their own individual customers.
"This is a significant risk across the healthcare sector with payers, providers, suppliers and research entities," said Steven Adler, partner at consulting firm The Edmund Group and risk management executive at health insurer Humana.
Why AI isn’t ready to replace humans in third-party risk management
While times are changing, Steven Adler, a partner with risk management advisory firm The Edmund Group, notes that “supplier risk intelligence provides early warning of disruptions like cyber breaches, litigation or M&A.” In a recent Supply Chain Management Review article, Adler noted that supplier risks matter just as much as internal ones. That line of thinking is the launching pad for a more strategic approach, he argued
The Case For a Supplier Risk Tiering Model
Risk & Compliance Journal - A supplier risk tiering model should be simple and practical, underpinned by "key risk components" that can help organizations to (i). collect store, process and maintain sensitive data, including protected health information (PHI) and personal information identifiers (PII); (ii) strategically support critical functions, such as call centers, and (iii) leverage critical fourth parties to support their operations.
Our Partners
Contact Us
FCA Enforcement Trends In 2025 And Expectations For 2026
FCA recoveries in the health care sector have always been the largest share of DOJ’s total. Last year was no exception, with DOJ recovering more than $5.7 billion in the health and human services category, or 83% of DOJ’s total annual recoveries under the FCA.