Insights and analysis from the CYBERSOL team.
The Deaconess Health System breach—in which a third-party medical records vendor was compromised, exposing patient information across two hospitals—is not...
The compromise of a revenue cycle management (RCM) vendor affecting 140,000 patients at a South Carolina diagnostics company—reported to HHS in February...
The Stryker cyberattack is not primarily an operational incident. It is a governance failure that reveals how healthcare organizations bear clinical and regulat
The Stryker medical technology incident—involving compromise of a Microsoft Intune administrator account that enabled attackers to remotely wipe approximately...
The Conduent breach—now affecting 25 million individuals across healthcare, government benefits, and corporate payroll systems—represents more than a data...
When a service provider is breached, regulatory and contractual liability flows to the primary organization—not the vendor.
The Ericsson breach—affecting 15,661 individuals and traced to a vishing attack on an unnamed third-party vendor—exposes a structural governance failure that ex
The Marquis Software breach—affecting 672,075 confirmed individuals across 74 financial institutions, with estimates reaching 1.35 million—is not primarily a...
Supply chain attacks have evolved from isolated vendor compromises into a three-layer exploitation strategy: direct supplier breach, multi-tenant platform...
The Ericsson breach—triggered by a vishing attack against an unnamed third-party vendor in April 2025 but not disclosed to Ericsson until November 2025—represen
The Crunchyroll breach—triggered by the compromise of a single Telus vendor employee—exposes a structural governance failure that regulators, auditors, and...
The Financial Conduct Authority's formalization of incident and third-party reporting rules represents a watershed moment in how regulatory bodies treat supply...
When a single third-party vendor breach affects 74 banking institutions and compromises 672,075 individuals, the failure is not technical—it is structural.
Supply chain compromise through third-party suppliers represents a structural governance failure, not merely a technical incident.
The Financial Conduct Authority's updated cyber incident and third-party reporting framework—effective March 18, 2027—codifies a governance reality that most...
Supply chain compromises represent a structural liability exposure that extends far beyond the vendor relationship itself.
Supply chain breaches have fundamentally shifted from isolated incidents to coordinated, self-reinforcing attack cycles that blur the boundary between initial...
The Financial Conduct Authority's clarification of cyber incident and third-party reporting requirements signals a critical structural weakness in how...
When a single vendor's infrastructure fails under cyberattack, the damage does not stop at that vendor's balance sheet.
The Deaconess Health System breach—originating from third-party vendor MediCopy's compromised cloud infrastructure—is not a vendor failure story.
Browse by month