
41% of 2024 Third Party Breaches Affected Healthcare Organizations

New research has confirmed that healthcare is the industry most impacted by third-party breaches, accounting for 41.2% of all third-party breaches tracked by the cyber risk intelligence and third-party risk management software provider Black Kite. Increasing digital connectedness in healthcare drives progress but also heightens risk, and threat actors are increasingly taking advantage of systemic vulnerabilities to gain access to healthcare networks, including turning trusted vendor relationships into gateways for disruption and data theft. Black Kite explained that the healthcare industry is particularly vulnerable due to the high value of patient data, the need for constant access to that data, the reliance on third-party vendors, and inherent security challenges within the healthcare ecosystem.

Organizations are increasingly reliant on software platforms and third-party tools, but vulnerabilities in those tools can be exploited by threat actors to attack all organizations that rely on those tools, as was demonstrated by the mass exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and last year’s Cleo File Transfer ransomware campaign. Last year also saw a hacking group exploit a single vulnerability in the population health management (PHM) platform HealthEC, which affected 17 healthcare organizations, and outages were caused at 142 hospitals and 40 nursing facilities in Texas and Kansas stemming from their reliance on interconnected vendor ecosystems. There was also the most impactful healthcare cyberattack in history – the ransomware attack on Change Healthcare – that caused massive disruption to healthcare providers across the United States for several weeks and involved the theft of the data of approximately 190 million individuals.

While healthcare was the industry most affected by third-party breaches in 2024, the report shows some positive developments. Healthcare vendors showed the most significant improvement to their security posture after a security breach, with 62.5% achieving better security ratings after a breach. The analysis of data collected by the Black Kite Research and Intelligence Team (BRITE) revealed that 51.7% of publicly disclosed third-party data breaches resulted from unauthorized network access, often as a result of misconfigurations and weak access controls. Ransomware remains a pervasive threat, accounting for 66.7% of known attack methods, with third-party vectors playing a central role in ransomware campaigns. These attacks have caused widespread disruption in the healthcare, manufacturing, and retail sectors.

Software vulnerabilities were commonly exploited, with hackers taking advantage of slow patching of known vulnerabilities as well as the exploitation of zero-day vulnerabilities in vendors’ solutions. Software vendors were among the most often targeted entities, accounting for one-quarter of breaches as hackers turned their attention to software supply chains. Credential misuse was also common, accounting for 8% of known attack methods, with many breaches stemming from the misuse of stolen credentials for systems that lacked multifactor authentication.


Action needs to be taken to protect against what Black Kite refers to as “silent breaches” lurking in interconnected systems – a major cause of breaches in 2024. Black Kite recommends strengthening vendor cybersecurity practices such as implementing robust risk assessments, enforcing contractual security requirements, and promoting vendor training. Organizations should also adopt proactive monitoring to obtain real-time insights and support rapid response to security incidents, conduct post-incident reviews, and integrate the findings into future preparedness strategies.

“Digital interconnectedness drives progress, but it also heightens risk. Because of our increasing reliance on software platforms and tools, the exploitation of a single vulnerability can have a catastrophic impact,” said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “Amidst these challenges, critical lessons emerged, revealing pathways to resilience and improved cybersecurity practices. BRITE research offers a detailed look at these findings to inform cybersecurity leaders as they build their 2025 strategies.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
