Third Party Vendors May Put Healthcare Facilities at Risk for Cyberattacks 

Third-party vendors are becoming a possible vector for cyberattacks.

By Jeff Wardon, Jr., Assistant Editor


Cyberattacks and data breaches continue to hammer healthcare facilities. As they do, facility managers are tasked with keeping watch on where sensitive data is being shared on an around-the-clock basis.  

Another avenue for attackers is becoming increasingly clear: third-party vendors. 

According to Cook County Health’s (CCH) press release, Perry Johnson & Associates (PJ&A), Inc., a third-party vendor CCH shared information with for medical transcription services, notified CCH that there was a data breach on PJ&A’s systems that involved some of their patient data. After learning this, CCH cut off its ties to PJ&A.  

Third-party vendors can be a potential vector for cyberattacks, as seen in the large chain of healthcare attacks due to a MOVEit software vulnerability. Since healthcare facilities actively share information with these vendors, a data breach at the vendor’s systems can expose sensitive patient information.  

However, either at the source or the third-party level, this data can be accessed by other individuals if they breach the systems. This is done through cyber bots breaching these organizations’ systems to assess the value of and extract the data from the system, creating what Charlie Regan, chief executive officer at Nerds On Site, calls “data drip.” 

“We can go into a company and find out in 15 minutes you have got data going at 195,000 drips of data every minute,” Regan previously told Healthcare Facilities Today. “You have got some going to Poland, you have got some going to North Korea and you have got some going to South Africa. You have clients, trusted suppliers or trusted stakeholders in any of those arenas. If not, then you know that you are experiencing data drip.” 

Regan also adds that healthcare facilities can take what is known as a zero-trust approach, where any party who wishes to access an organization’s resources is immediately deemed untrustworthy. For these parties to access the resources, they would have to pass a series of checks to verify who they are, such as multifactor authentication (MFA). 

Regan further says that facilities managers must keep an ever-watchful eye on their data drip, even keeping an eye on what third-party vendors that healthcare facilities share their data with.  

Jeff Wardon, Jr. is the assistant editor for the facilities market. 



October 18, 2023


Topic Area: Information Technology , Safety , Security

Recent Posts

Wanted: Scientific Standard for Hospital Cleaning

No accepted criteria exist for defining a surface as clean using microbiologic methods.

NLCS Strengthens Safety and Compliance with Comprehensive Electrical Program

Case study: A renewed partnership with Siemens helps the senior living provider meet NFPA 70B standards, reduce risk, and enhance reliability across its communities.

Sun Valley Surgery Center Suffers a Data Breach

On September 3, 2025, SVSC became aware of a potential issue involving SVSC’s information systems.

EV Charging Stations: Planning for Safety, Convenience, Expansion

Managers need to ensure patient access, coordinate with clinical operations and ensure every phase of construction supports the facility's mission.

Why Ambulatory Surgery Centers Are Turning to Dedicated HVAC Systems

Design experts from Neenan Archistruction explain how single-unit HVAC systems for each operating room enhance infection control, comfort, and resiliency.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.