Third-Party Vendors May Pose Healthcare Cybersecurity Risks

CMS and WPS alerted individuals about a potential data breach from the third-party software MOVEit.

By Jeff Wardon, Jr., Assistant Editor


The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are informing individuals about a potential data breach involving protected health information (PHI) and personally identifiable information (PII), according to a press release. This breach occurred due to a security vulnerability in MOVEit, a third-party software used by WPS, a CMS contractor that handles Medicare Part A/B claims. 

Third-party vendors are a potential vector for cybercriminals to use in their attacks. Many healthcare organizations utilize some form of third-party services, so they do run the risk of being vulnerable to cyberattacks from them. They also run the risk of having critical services being disrupted as well. 

Related: North Korean Operative Accused of Hacking into U.S. Healthcare Providers

“All these modern-day hospitals, for example, are super dependent on IT to be able to run efficiently and effectively,” Errol Weiss, chief security officer at Health-ISAC, told Healthcare Facilities Today. “Of course, that IT now transcends these organizational boundaries. So, all these connection points have become incredibly complicated.” 

With healthcare organizations being dependent on third-party services and vendors, one breach in that network can cause a ripple effect all throughout it. Essentially meaning all involved parties become embroiled in a much larger problem. 

Given this, healthcare organizations must look at these vulnerabilities in their business models from a risk management perspective, according to Weiss. For example, if a healthcare organization does business with a vendor that’s handling a critical process and sharing sensitive information, Weiss says to make sure to investigate their security policies. 

“This is to make sure that they're taking security seriously and doing the right things internally when it comes to cybersecurity,” says Weiss. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



September 12, 2024


Topic Area: Information Technology , Security


Recent Posts

UMC Health System Grapples with IT Outage from Ransomware Attack

The organization’s facilities remained operational despite the IT outage.


Boston Medical Center Welcomes Two New Facilities into Health System

Good Samaritan Medical Center and St. Elizabeth’s Medical Center are officially part of the health system.


Inspira Health Breaks Ground on Mullica Hill Expansion

The new 150,000-square-foot, five-story wing is expected to be open in the first quarter of 2027.


Cleanology: The Need for a Study of Cleaning

There are no accepted risk-based standards to verify whether a hospital is truly clean and safe.


Hurricane Helene Forces Unicoi County Hospital to Evacuate

A helicopter was called in alongside the Tennessee National Guard to help complete the evacuation.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.