Hospital and health system vendors continue to be targeted in cyberattacks in 2024, creating data breaches that ultimately affect healthcare organizations.
These breaches compromised protected health information across the U.S.
In 2024 health systems across the U.S., such as Staten Island (N.Y.) University Hospital, Aurora, Colo.-based UCHealth, Manchester, N.H.-based Catholic Medical Center, Memphis, Tenn.-based Regional One Health and St. Louis-based SSM Health reported that patients' protected health information was compromised due to a breach at vendors they work with.
In addition, the cyberattack that is being called the "most significant and consequential cyberattack in American history," happened Feb. 21 against UnitedHealth Group's Change Healthcare.
Change Healthcare provides revenue cycle management services to hospitals and health systems. When the attack hit the organization, hospitals and health systems had to disconnect from Optum's systems. This caused a ripple effect for healthcare organizations as revenue flow was crippled.
Health system IT leaders told Becker's after the incident that the Change hack revealed the vulnerability of healthcare information to third-party attacks.
Healthcare organizations accounted for 35% of third-party breaches, according to a Security Scorecard report from Feb. 28. These breaches significantly impacted the healthcare and financial services sectors, with 64% of all third-party breaches occurring in North America. Additionally, the report highlighted that 98% of organizations are connected to a third party that experienced a breach.