According to new research, the healthcare industry is the sector most affected by third-party breaches. Monitoring by Black Kite, a cyber risk intelligence and risk management software company, showed that 41.2% of third-party breaches occurred in the healthcare sector. Growing digital interconnectedness in healthcare promotes growth but also increases risk. Threat actors exploit vulnerabilities in vendor systems to reach healthcare networks, using trusted vendor relationships as gateways for disrupting services and stealing data. Black Kite stated that the healthcare sector is especially susceptible because of the high value of patient information, the need for continuous access to that information, the dependence on third-party companies, and the security weaknesses common in healthcare environments.
Organizations are increasingly dependent on software systems and third-party software. Threat actors can exploit vulnerabilities in those tools, as happened in the Cleo File Transfer ransomware campaign and in the exploitation of a zero-day vulnerability in Progress Software's MOVEit Transfer solution in May 2023. In 2024, a hacking group exploited a vulnerability in the population health management (PHM) platform of HealthEC, which affected 17 healthcare companies. Because they rely on HealthEC systems, 40 nursing facilities and 142 hospitals in Texas and Kansas experienced disruptions. The cyberattack with the greatest impact on healthcare was the Change Healthcare ransomware attack, which disrupted healthcare companies throughout the United States for weeks and involved the theft of data on around 190 million people.
Although the healthcare industry was the most affected by third-party security breaches in 2024, the report also notes some improvements. Healthcare vendors improved their security posture soon after a breach, achieving security scores 62.5% higher following a data breach. Data analysis by the Black Kite Research and Intelligence Team (BRITE) showed that 51.7% of announced third-party data breaches were due to unauthorized system access, frequently caused by misconfigurations and weak access controls. Ransomware remains a predominant threat, associated with 66.7% of identified attack methods, with third-party vectors a major component of ransomware campaigns. These ransomware attacks have caused extensive outages in the healthcare, retail, and manufacturing industries.
Hackers commonly exploit software vulnerabilities, taking advantage of slow patching of known vulnerabilities and of zero-day vulnerabilities in vendors' software. Software vendors are a frequent target: 25% of breaches were attacks on the software supply chain. Credential misuse was the attack vector in 8% of known attacks, with attackers using stolen credentials to access systems that lacked multifactor authentication, which highlights the importance of enforcing multifactor authentication.
Action must be taken to guard against the "silent breaches" in interconnected systems, which Black Kite identifies as a major cause of breaches in 2024. Black Kite recommends strengthening vendor cybersecurity procedures through rigorous risk assessments, contractual security requirements, and vendor training. Companies should also use continuous monitoring to obtain real-time information and support rapid response to security incidents, perform post-incident assessments, and incorporate the findings into future preparedness plans.
Digital interconnectedness promotes growth, but it also raises risk. Because of the dependence on software systems and tools, the exploitation of a single vulnerability can have catastrophic consequences. These incidents yielded critical lessons that point the way to greater resilience and better cybersecurity strategies. BRITE's research provides comprehensive findings to inform cybersecurity leaders as they develop their 2025 programs.