By Jeff Wardon, Jr., Assistant Editor

Black Kite’s Third-Party Breach Report highlights how “silent breaches” within interconnected ecosystems dominated cyber threats in 2024. The report found that unauthorized network access caused over 50 percent of third-party breaches. Ransomware accounted for 66.7 percent of attacks, and software vulnerabilities remained a major risk. Credential misuse also grew, and software vendors became prime targets as they accumulated 25 percent of breaches. 

Healthcare was the most affected sector, making up 41.2 percent of third-party breaches due to its reliance on vendors and the high value of patient data. However, cybersecurity posture improved in some industries post-breach, especially in healthcare (62.5 percent) and financial services (33 percent), while software vendors lagged (21.7 percent). 

Third-party vendors are an avenue for cybercriminals to gain unauthorized access to the vendor itself and any organization tied to it. From there, these criminals can cause major disruptions to all parties entangled in this web. 

Related: Report Sheds Light on Cyberattack and Data Breach Trends from 2024

“When I think about the current environment, these system disruptions and data breaches are really the digital weapons of choice for today's cyber criminals and nation states to achieve their goals,” Errol Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today. 

Collaboration and intelligence sharing are key to understanding what’s going on with these disruptions and how healthcare organizations can defend themselves. 

“I would liken intelligence sharing to a virtual neighborhood watch program,” says Weiss. “So, if you experience a break in, you're able to share that experience with your peers, your neighbors, and let them understand how the bad guys got in.” 

Intelligence sharing allows organizations to understand what the bad actors are doing and how to counter their attacks, Ben DeBow, founder and chief executive officer at Fortified, previously told Healthcare Facilities Today. It also harms healthcare organizations in general when others neglect to share their information. 

“As other organizations around the world are breached, we need to keep on learning and learning from each of those incidents,” says DeBow. “We must be making sure that we are staying diligent and in filling in those holes, those attack vectors and addressing those as an organization prepares and becomes stronger.” 

Jeff Wardon, Jr., is the assistant editor of the facilities market.