Why Cyberattackers Target Third-Party Vendors

Recent large data breaches affecting third-party vendors such as Change Healthcare have exposed critical security risk management issues for business associates and vendors. These breaches have demonstrated the need for security measures and comprehensive monitoring of third-party vendors, particularly in the healthcare, finance, and defense sectors.

Cybercriminals are increasingly targeting third-party vendors because of the outsized impact of these attacks: compromising a larger entity with connections to many organizations is more lucrative than focusing on individual institutions. Instead of going after a single hospital, threat actors aim for larger entities like Change Healthcare or SolarWinds, which have many clients in healthcare, government, finance, and defense.

This trend highlights the importance of compliance and due diligence when dealing with covered entities and business associates. Ensuring that these organizations fully understand their obligations under federal regulations, such as HIPAA and the HITECH Act, as well as applicable state laws, is essential. Be sure to conduct thorough evaluations before signing business associate agreements, as these agreements require both parties to attest to their compliance with these regulations. Don’t attest to something that isn’t accurate, as it could lead to serious issues in the event of a data breach.

Healthcare-related organizations, particularly those that use online tracking tools or handle patient health records, should ensure compliance with regulations set by the Department of Health and Human Services (HHS), including the information blocking rules, HIPAA, and various state laws that require healthcare providers to give patients access to their health records in their preferred format. Organizations must also ensure that their cybersecurity practices align with the performance goals set by HHS, which are mapped to the HIPAA Security Rule.

As cybersecurity threats continue to evolve, healthcare organizations should remain vigilant in staying compliant with these regulations, which could change depending on future events such as the 2024 U.S. presidential elections.

Photo credits: IDOL’foto, AdobeStock


John Blacksmith

John Blacksmith is a journalist with several years' experience in both print and online publications. John has specialised in information technology in the healthcare sector, and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism.