June 2025 Vendor Management News

Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.

Recently Added Articles as of June 12

Check out this week's news brief below, including the fallout from recent third-party data breaches.

Lawsuits spotlight vendor-caused data breaches and weak oversight: Two different organizations are facing lawsuits after third-party cyberattacks resulted in major data breaches. Plaintiffs say the organizations failed to keep personal information safe and question whether the organizations did enough to vet and monitor vendors. These types of suits aren’t uncommon anymore — most of the lawsuits make the case that third-party relationships are known risks organizations are responsible for.  

Third-party breaches affect most of Europe’s large financial organizations: Most of Europe’s largest financial services organizations have been affected by third-party data breaches, according to new research. This is a 25% increase from two years ago. On top of the third-party breaches, 97% of the large financial services organizations were impacted by a fourth-party breach. It’s critical that organizations adopt proactive strategies to assess and mitigate third-party cybersecurity risks.  

Main health and food distributor disrupted by cyberattack: A cyberattack disrupted the operations of the largest health and food distributor in the U.S. and Canada. The supplier said its ability to fulfill and distribute customer orders was disrupted, and the disruptions are expected to continue. Supply chains continue to be a target for hackers, and an attack disrupts not only the supplier but also the organizations that rely on it.

NHS continues to face blood supply issues after 2024 third-party cyberattack: After a third-party cyberattack in June 2024, the National Health System in England is still facing blood supply issues. The third-party cyberattack disrupted patient care and testing services last year, triggering a national shortage of type O-negative blood.  

Recently Added Articles as of June 5

Catch up on this week's recent banking TPRM enforcement actions, the latest third-party data breaches, and best practices to keep your TPRM program strong. 

Recent BaaS enforcement actions highlight TPRM importance: Recent enforcement actions and regulatory scrutiny underscore the critical need for strong third-party risk management practices in bank–fintech relationships. Regulators are focused on gaps in anti-money laundering (AML) and know your customer (KYC) compliance. Banks are ultimately responsible for the actions of their partners. At the same time, examiner shortages and evolving third-party structures make self-policing and internal controls more important than ever. Robust third-party oversight is critical to remain compliant and protect your bank’s operations.  

Medical patients impacted by third-party breach nearly one year later: Nearly 40,000 patients were potentially impacted by a third-party data breach from July 2024. Although the breach occurred last year, some hospitals didn't learn of the impact until recently. Compromised data includes Social Security numbers, financial information, and medical information. The Chicago medical group impacted by the third-party breach has ended its relationship with the third party.

Third-party breach at data broker impacts nearly 400,000: A third-party data breach at a data broker has affected almost 400,000 people. A hacker accessed the data broker’s GitHub account, compromising Social Security numbers, driver’s license numbers, and phone numbers.

Community bank impacted by third-party breach: A third-party breach recently affected a community bank and about 5% of its customers. The bank said it ceased activity with the third-party vendor and said the incident didn’t cause a material impact to operations.  

Strategies to address growing third-party risks: Third-party risk isn't just about data breaches anymore; today’s threats also include ransomware attacks, system outages, and software errors that can lead to major business disruptions and hefty costs. To manage this, organizations should assess vendor vulnerabilities with detailed risk reports, understand the potential operational impact of disruptions, and prioritize mitigation strategies based on the vendor's criticality.  

Third-party data breach from 2024 revealed to impact almost 2 million: A healthcare third-party data breach from March 2024 has now impacted almost two million people, making it one of the largest healthcare breaches of 2024. The breach started in a third-party service provider’s system, and the healthcare organization was itself a revenue cycle management service provider. These providers are often top targets due to the valuable data they hold. It can often be a lengthy process to determine the full impact of these attacks.

Increasing third-party and AI risks in the manufacturing industry must be addressed: Data breaches in the manufacturing industry continue to increase – including third-party incidents. Increasing cybersecurity threats, new technologies, and third-party dependencies have created the perfect storm manufacturers can’t ignore. While artificial intelligence (AI) introduces new efficiencies, it’s also increasing risks, particularly with AI vendors. Many third parties require system integration and data, creating new vulnerabilities. Assessing vendor risks before the relationship begins is a critical best practice to implement. Understand if the vendor has security protections in place for your data.  
