Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity

Collaboration and intelligence sharing are crucial actions to take to defend against cyberattacks, including ones linked to third parties.

By Jeff Wardon, Jr., Assistant Editor


Black Kite’s Third-Party Breach Report highlights how “silent breaches” within interconnected ecosystems dominated cyber threats in 2024. The report found that unauthorized network access caused over 50 percent of third-party breaches. Ransomware accounted for 66.7 percent of attacks, and software vulnerabilities remained a major risk. Credential misuse also grew, and software vendors became prime targets as they accumulated 25 percent of breaches. 

Healthcare was the most affected sector, making up 41.2 percent of third-party breaches due to its reliance on vendors and the high value of patient data. However, cybersecurity posture improved in some industries post-breach, especially in healthcare (62.5 percent) and financial services (33 percent), while software vendors lagged (21.7 percent). 

Third-party vendors are an avenue for cybercriminals to gain unauthorized access to the vendor itself and any organization tied to it. From there, these criminals can cause major disruptions to all parties entangled in this web. 

Related: Report Sheds Light on Cyberattack and Data Breach Trends from 2024

“When I think about the current environment, these system disruptions and data breaches are really the digital weapons of choice for today's cyber criminals and nation states to achieve their goals,” Errol Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today

Collaboration and intelligence sharing are key to understanding what’s going on with these disruptions and how healthcare organizations can defend themselves. 

“I would liken intelligence sharing to a virtual neighborhood watch program,” says Weiss. “So, if you experience a break in, you're able to share that experience with your peers, your neighbors, and let them understand how the bad guys got in.” 

Intelligence sharing allows organizations to understand what the bad actors are doing and how to counter their attacks, Ben DeBow, founder and chief executive officer at Fortified, previously told Healthcare Facilities Today. It also harms healthcare organizations in general when others neglect to share their information. 

“As other organizations around the world are breached, we need to keep on learning and learning from each of those incidents,” says DeBow. “We must be making sure that we are staying diligent and in filling in those holes, those attack vectors and addressing those as an organization prepares and becomes stronger.” 

Jeff Wardon, Jr., is the assistant editor of the facilities market. 



February 20, 2025


Topic Area: Information Technology , Security


Recent Posts

Sunflower Medical Group Facing Lawsuit Following January Data Breach

The lawsuit seeks a jury trial, damages, expanded credit monitoring services and security improvements at Sunflower Medical Group.


Nemours Children's Health Opens New Location in Lake Nona

The nearly 8,000-square-foot facility will increase access to primary and specialty care services.


Enhancing Safety at Hennepin Healthcare with a Screening System

Case study: The system was able to detect 2,500 risk items in less than five months.


Healthcare Workers Outside Butler Memorial Hospital for Increased Workplace Safety

The picketing comes as the nurses and other healthcare staff experience increasing incidents of workplace violence.


TriasMD Set to Open DISC Surgery Center at Carlsbad

With construction finished, it is now being equipped and staffed to take on its first cases.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.