Skip to main content

Cybersecurity

February 13, 2026

 

When vendors become vectors: Health care cybersecurity needs preventative care

Like infections slipping through vulnerable tissues to spread through the body, third-party vendors are often the weak spot for the health care industry.

A doctor looks at a computer screen.

Scott Steinberg

Contributor

Health care companies store some of the most sensitive and private information, including patient data, clinical research and proprietary treatments with the potential to become the next blockbuster therapy.

It’s no surprise they are under near constant attack by cybercriminals. Over the last 24 months, 96% of health care organizations have suffered at least two data breaches, at an average cost of roughly $11 million per incident.

But even as the industry invests in tightened security and better data protections, the threat continues to expand as cybercriminals target third-party vendors, as well as the partners, platforms and subcontractors those vendors use. These all have the potential to become unwitting carriers of malicious code or ransomware, giving cybercriminals a way to spread into the main organization undetected.

Ransomware attacks, in which cybercriminals hold critical health care records hostage, are particularly pernicious, and can cross the line from economic crime to a threat-to-life crime, says John Riggi, national advisor for cybersecurity and risk at the American Hospital Association.

In the U.K., the 2017 WannaCry ransomware attack forced the cancellation of thousands of critical and emergency operations and thousands more routine appointments. Some hospitals couldn’t even accept incoming phone calls. 

That cyberattack sounded the alarm across sector: Health conditions that might not be life-threatening could become so without timely treatment. One study of the impact of a 2021 ransomware attack on four acute-care hospitals in California saw an increase in strokes and cardiac arrests and a decrease in survival of those patients at nearby hospitals affected by the spillover from the targeted hospitals.

“Hospitals and health systems are extremely complex organizations that need to be open 24/7 and must communicate with many, many third-party providers,” Riggi says. “A lot of the risk that we are exposed to now originates from outside our enterprise boundaries and is beyond our control.”

That means health care organizations are essentially only as secure as the weakest link in their networks. Yet just half of those organizations maintain a comprehensive inventory of all third parties accessing their network, and 60% say third-party access to confidential or sensitive information is not routinely monitored, according to a 2025 report in Applied Clinical Informatics.

 

A smarter approach to threat intelligence and vigilance

Just as they do with patients, providers must address these vulnerabilities holistically, fortifying their defense solutions while also rigorously managing third-party risk. That means working to more actively maintain comprehensive inventories of and visibility into all vendors. It also means enforcing strict access controls across the entire enterprise, implementing smarter cyber risk management tools and monitoring any third parties with access to sensitive information, whether it’s patient data, payment info or innovative therapies.

“The age of only using historical information to assess your vendors’ potential security risk to your organization is over,” says Jamie Zajac, chief product officer at Recorded Future, the threat intelligence company acquired by Mastercard in 2024.“We’re now entering an era where it’s vitally important to have access to forward-looking data.”

 

You should never know less about your own organization’s operations than attackers do.

Jamie Zajac

 

Automated technology solutions that can help health care companies discover and address potential concerns are just such a weapon. These systems continuously monitor medical organizations’ entire technology ecosystems, looking for suspicious activity. This might entail unusually high traffic, a lot of queries from somewhere the business doesn’t operate or a sudden influx of requests for access to a server. Such tools can also assess generalized threat and more effectively monitor for specific issues to ensure vendors don’t accidentally jeopardize operations or introduce risk.

“You should never know less about your own organization’s operations than attackers do,” Zajac says. “Using these tools helps shift the information advantage to you as a health care organization and gives you a leg up on threat actors.”

 

Safeguarding tomorrow’s therapies

Investing in third-party monitoring and screening should be viewed as a strategic priority, experts say. Companies need a more proactive cybersecurity strategy that gives them greater visibility into network operations, and more ways to offer a flexible and rapid response at every turn.

“We need more ways to dynamically and continuously monitor third-party networks and understand potential vulnerabilities on a near real-time basis,” Riggi says.

Pairing heightened threat intelligence capabilities with that third‑party oversight — along with more robust identity controls — can help firms better safeguard high-tech infrastructures, as well as help more effectively contain fallout in the event of an incident.

“Understanding the scope of potential attack surfaces and types of cyberattacks that may be levied against you is incredibly important,” seconds Zajac. “The more you understand your IT infrastructure’s potential strengths and weaknesses and the more you’re aware of attackers’ possible tactics and strategies, the better off you’ll be.”

 

Protecting life-saving IP with threat intelligence

With Recorded Future, vaccine developer Novavax is protecting critical intellectual property by becoming proactive against emerging threats, reducing alert fatigue and effectively prioritizing risks.

Read more
A man in a dark room with computer coding reflected in his eyeglasses.

What spending data tells us about cyberattacks

Mastercard spending data reveals how cyberattacks trigger stockpiling, shortages and economic disruption, shaping policy and cybersecurity priorities.
Read more
Abstract image of lines of code connected by points of light.