More Than One-Third of Data Breaches Due to Third-Party Supplier Compromises
Cyber actors are increasingly exploiting vulnerabilities at vendors, suppliers, and software providers to infiltrate the networks of organizations. According to a recent report from SecurityScorecard, at least 35.5% of all data breaches in 2024 originated from third-party compromises, up 6.5% from 2023. The number of data breaches stemming from third parties is likely higher since the third-party component of data breaches is not always disclosed.
The Global Third Party Breach Report is based on data collected by SecurityScorecard’s STRIKE Threat Intelligence Unit from organizations in multiple sectors. Third-party breaches are classed as breaches that originated at a vendor, supplier, or partner, with the attackers pivoting to infiltrate the networks of business-to-business customers, and where data from one organization is compromised while in the custody of a third party.
A majority of the breaches were reported by entities in North America, which accounted for 59% of data breaches and 53% of third-party breaches. Healthcare, pharmaceuticals, and biotechnology firms had the highest volume of third-party breaches (22%), though these sectors also had the highest number of breaches overall. Across the 1,000 data breaches included in the dataset, 242 occurred in healthcare, pharmaceuticals, and biotechnology firms, almost double the number of breaches in the second most targeted sector – government, defense, and aerospace.
In healthcare, 32.2% of all data breaches involved compromises at third parties, a lower percentage than in several other industry sectors. This is not because healthcare organizations are better at protecting against third-party data breaches, but because organizations in this sector are often attacked directly. Healthcare organizations are viewed as easy targets due to their perceived weaker security than other sectors, their lower tolerance for downtime, and the high volumes of sensitive and valuable data they store. The high number of direct attacks indicates that hackers do not need to conduct more complex attacks on vendors, as there are ample opportunities to attack these organizations directly.
Ransomware actors and other extortion groups are increasingly targeting supply chains, with 41.4% of incidents having a third-party component. Cl0p is by far the most prolific threat actor in this category due to the mass exploitation of vulnerabilities in third-party file transfer solutions. Other threat groups that were highly active last year include RansomHub, which has grown into the most dominant ransomware group following the shutdown of the AlphV/BlackCat ransomware group and law enforcement operations disrupting the LockBit ransomware group.
In 2023, 75% of third-party breaches involved technology products; however, in 2024, threat actors diversified, with only 46.75% of breaches involving technology products. File transfer software was the top breach enabler (14%) due to the exploitation of vulnerabilities in Cleo software by the Cl0p group, followed by breaches of cloud products and services (8.35%). While technology used across multiple industry sectors was much more likely to be targeted, products and services specific to healthcare and financial services were involved in 27.5% of third-party breaches, similar to 2023. In healthcare, the most common industry-specific attack vectors were pharmaceutical distribution and clinical trial support vendors (7%), healthcare administrative and management services (4.25%), and healthcare software, mobile apps, and telehealth services (2%).
SecurityScorecard recommends prioritizing supply chain security, including demanding secure-by-design technology and hardening high-risk infrastructure, especially file transfer software, cloud infrastructure, VPN solutions, and healthcare-specific services.