Recent major cyber incidents have clearly shown the far-reaching impacts of health care data breaches, along with the risks posed by third-party vendors. Learn more about the true cost of cyberattacks and their increased potential through vendor relationships in this article by ComplyAssistant, a HASC Endorsed Business Partner.
The True Cost of Cyberattacks
Two major recent incidents illustrated the far-reaching consequences of health care data breaches:
- Netgain Technology Settlement: The cloud services provider’s $1.9 million settlement over a 2020 ransomware attack reinforced that data security failures carry substantial financial penalties. This case highlighted the critical importance of thorough vendor security assessments and comprehensive business associate agreements. As regulatory scrutiny intensifies, organizations can no longer treat vendor security as someone else’s problem.
- National Health Service (NHS) Blood Crisis: Perhaps the most sobering reminder of cyberattacks’ lasting impact came from England, where the NHS continues battling blood supply shortages nearly one year after a ransomware attack on pathology laboratory provider Synnovis. The June 2024 attack disrupted critical blood testing services at major London hospitals, forcing cancellation of over 10,000 appointments and 1,700 procedures. More than a year later, NHS Blood and Transplant blood stocks remained critically low, demonstrating how a single vendor compromise creates cascading effects throughout an entire health care system.
The Vendor Risk Reality
These incidents underscore a persistent vulnerability: third-party vendor relationships. With health care organizations relying on 300-plus vendors on average, each relationship represents a potential entry point for cyber threats. As security expert Katie Moussouris warns, “Ransomware threat actors will take advantage of the fact that you don’t know what you have, but they do.”
The Cybersecurity & Infrastructure Security Agency’s August 2025 guidance on operational technology asset protection emphasized this critical yet often overlooked aspect: maintaining complete visibility into connected medical devices, infrastructure systems and operational technology. Health care organizations managing everything from patient monitoring systems to HVAC controls need systematic approaches to asset management as the foundation for resilient cybersecurity programs.
---
ComplyAssistant is a trusted HASC partner that provides comprehensive software and v-CISO (virtual chief information security officer) solutions to streamline and organize intricate security and compliance processes. The firm’s extensive security and compliance expertise empowers organizations in navigating the complexities of the digital landscape. To learn more, please visit https://www.complyassistant.com and follow the company on LinkedIn or Facebook.