Third-Party Data Breach Case Underscores Need for Cyber Risk Management

Plaintiffs alleged negligence in safeguarding patient data; defendants denied wrongdoing but settled to avoid litigation costs.

By Jeff Wardon, Jr., Assistant Editor


A $675,000 settlement following a 2023 vendor data breach is a recent example of how cyber risks don’t just stop at a hospital’s doorstep. For healthcare facilities, the case highlights a challenging trend: managing and mitigating risks that come with depending on third-party vendors. 

A settlement has been reached in a class action lawsuit over a November 2023 data breach at revenue cycle management provider R1 RCM Inc., which also involved Dignity Health’s St. Rose Dominican Hospital, Rosa de Lima Campus in Nevada, The HIPAA Journal reports. The breach exposed 16,121 people’s personal data, including Social Security numbers and medical information. Plaintiffs alleged negligence in safeguarding patient data; defendants denied wrongdoing but settled to avoid litigation costs. 

The R1 RCM breach isn’t just an isolated event. Since the company was a third-party vendor, the ripple effects directly impacted the hospitals it served, highlighting how healthcare facilities can end up as collateral damage in vendor attacks. 


Healthcare facilities managers have to begin improving visibility into their software and understanding where they’re exposed to concentration risk, Jeffrey Wheatman, senior vice president and cyber risk strategist at Black Kite, told Healthcare Facilities Today. A high level of concentration risk indicates that a healthcare organization relies too much on one vendor.

When that happens, the impact of a cyberattack could be widespread and severe if the vendor gets compromised. Managers can begin to understand this risk by being aware of the software their departments use and how it’s integrated with other systems. 

“If everybody uses a software and there's a vulnerability in that software, I need to know if my vendor is using it,” Chris Henderson, chief information security officer at Huntress, told Healthcare Facilities Today. “If I see that there is a security advisory issued for the software, my company needs to watch all the vendors more closely and the integration points for all the vendors that are using that software.”  

Jeff Wardon, Jr., is the assistant editor of the facilities market.  



September 16, 2025


Topic Area: Information Technology, Security

