Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity

Collaboration and intelligence sharing are crucial actions to take to defend against cyberattacks, including ones linked to third parties.

By Jeff Wardon, Jr., Assistant Editor


Black Kite’s Third-Party Breach Report highlights how “silent breaches” within interconnected ecosystems dominated cyber threats in 2024. The report found that unauthorized network access caused over 50 percent of third-party breaches. Ransomware accounted for 66.7 percent of attacks, and software vulnerabilities remained a major risk. Credential misuse also grew, and software vendors became prime targets as they accumulated 25 percent of breaches. 

Healthcare was the most affected sector, making up 41.2 percent of third-party breaches due to its reliance on vendors and the high value of patient data. However, cybersecurity posture improved in some industries post-breach, especially in healthcare (62.5 percent) and financial services (33 percent), while software vendors lagged (21.7 percent). 

Third-party vendors are an avenue for cybercriminals to gain unauthorized access to the vendor itself and any organization tied to it. From there, these criminals can cause major disruptions to all parties entangled in this web. 

Related: Report Sheds Light on Cyberattack and Data Breach Trends from 2024

“When I think about the current environment, these system disruptions and data breaches are really the digital weapons of choice for today's cyber criminals and nation states to achieve their goals,” Errol Weiss, chief security officer at Health-ISAC, previously told Healthcare Facilities Today

Collaboration and intelligence sharing are key to understanding what’s going on with these disruptions and how healthcare organizations can defend themselves. 

“I would liken intelligence sharing to a virtual neighborhood watch program,” says Weiss. “So, if you experience a break in, you're able to share that experience with your peers, your neighbors, and let them understand how the bad guys got in.” 

Intelligence sharing allows organizations to understand what the bad actors are doing and how to counter their attacks, Ben DeBow, founder and chief executive officer at Fortified, previously told Healthcare Facilities Today. It also harms healthcare organizations in general when others neglect to share their information. 

“As other organizations around the world are breached, we need to keep on learning and learning from each of those incidents,” says DeBow. “We must be making sure that we are staying diligent and in filling in those holes, those attack vectors and addressing those as an organization prepares and becomes stronger.” 

Jeff Wardon, Jr., is the assistant editor of the facilities market. 



February 20, 2025


Topic Area: Information Technology , Security


Recent Posts

What Modern Architectural Trends Shape Healthcare Facilities Design

The average U.S. building is over 50 years old, but people are expecting more modern design when it comes to their healthcare facility.


Vera Whole Health Opens Fifth Atlanta Area Care Center

The new East Point location further expands Vera Whole Health's footprint in the Atlanta metropolitan area.


Using Drones with Safety and Privacy in Mind

By addressing key considerations, managers can avoid problems and realize the substantial benefits drones can provide throughout the construction lifecycle.


MultiCare and Kootenai Health Announce 30-acre Prairie Medical Campus

Development on phase one is scheduled to begin in 2025, with an anticipated 24 to 36-month timeline for completing projects in this phase.


Retrofitting Healthcare Facilities for EV Charging

With EV adoption growing, healthcare facilities may face some challenges when retrofitting their buildings for charging.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.