Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity

Collaboration and intelligence sharing are crucial actions to take to defend against cyberattacks, including ones linked to third parties.

By Jeff Wardon, Jr., Assistant Editor


Black Kite’s Third-Party Breach Report highlights how “silent breaches” within interconnected ecosystems dominated cyber threats in 2024. The report found that unauthorized network access caused over 50 percent of third-party breaches. Ransomware accounted for 66.7 percent of attacks, and software vulnerabilities remained a major risk. Credential misuse also grew, and software vendors became prime targets as they accumulated 25 percent of breaches. 

Healthcare was the most affected sector, making up 41.2 percent of third-party breaches due to its reliance on vendors and the high value of patient data. However, cybersecurity posture improved in some industries post-breach, especially in healthcare (62.5 percent) and financial services (33 percent), while software vendors lagged (21.7 percent). 

Third-party vendors are an avenue for cybercriminals to gain unauthorized access to the vendor itself and any organization tied to it. From there, these criminals can cause major disruptions to all parties entangled in this web. 

Related: Report Sheds Light on Cyberattack and Data Breach Trends from 2024

“When I think about the current environment, these system disruptions and data breaches are really the digital weapons of choice for today's cyber criminals and nation states to achieve their goals,” Errol Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today

Collaboration and intelligence sharing are key to understanding what’s going on with these disruptions and how healthcare organizations can defend themselves. 

“I would liken intelligence sharing to a virtual neighborhood watch program,” says Weiss. “So, if you experience a break in, you're able to share that experience with your peers, your neighbors, and let them understand how the bad guys got in.” 

Intelligence sharing allows organizations to understand what the bad actors are doing and how to counter their attacks, Ben DeBow, founder and chief executive officer at Fortified, previously told Healthcare Facilities Today. It also harms healthcare organizations in general when others neglect to share their information. 

“As other organizations around the world are breached, we need to keep on learning and learning from each of those incidents,” says DeBow. “We must be making sure that we are staying diligent and in filling in those holes, those attack vectors and addressing those as an organization prepares and becomes stronger.” 

Jeff Wardon, Jr., is the assistant editor of the facilities market. 



February 20, 2025


Topic Area: Information Technology , Security


Recent Posts

Frederick Health Hospital Faces 5 Lawsuits Following Ransomware Attack

The lawsuits accuse FHH of inadequate cybersecurity, poor breach notification and failing to protect patients from identity theft risks.


Arkansas Methodist Medical Center and Baptist Memorial Health Care to Merge

They have signed a non-binding letter of intent to complete a shared mission agreement to merge the two organizations.


Ground Broken on Intermountain Saratoga Springs Multi-Specialty Clinic

The clinic is scheduled to open and start seeing patients in the fall of 2026.


Electrical Fire Tests Resilience of Massachusetts Hospital

Signature Healthcare Brockton Hospital used opportunity to renovate key systems and components and expand facility operations.


Bomb Threat Alleged at Illinois Hospital

The alleged suspect was taken into police custody, and the threat was determined to be unfounded.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.