February 08, 2023 - While the number of total third-party breaches slightly dipped in 2022, the attacks impacted nearly twice as many victims, wreaking havoc on the healthcare industry more than any other sector, Black Kite’s Third-Party Breach Report found.
Researchers compiled their findings from a subset of data focused on 63 individual third-party incidents, which created a ripple effect of breaches throughout 2022.
Almost 63 attacks on vendors caused third-party breaches impacting almost 300 data breach victims. The level of breach impact increased in the last year as there were 4.73 affected companies per vendor in 2022 compared to 2.46 companies per vendor in 2021.
“One could easily speculate that hackers are conducting smarter attacks, aiming for more initiatives that garner a higher number of victims from a single strike,” the report stated.
“It is of no surprise that over time, the threat actor community has learned to make the most of each attack, hence pivoting to more profitable business models. Ransomware, in particular, RaaS (ransomware as a service), are business models that have ramped up over the last few years. With the impact of third-party breaches doubling this year, understanding even a vendor's basic cyber posture is an important part of the equation.”
Researchers linked the increased number of victims to the domino effect that occurs when one third-party breach poses a risk to other connected vendors, a notion also known as cascading risk. Specifically, the researchers described the term as the “chain of causality that emerges when risk and accumulated vulnerabilities connect to increase the chance of attack.”