Analyzing the supply chain risks behind the top data breaches in 2024

From supplier vulnerabilities to payment systems, data breaches are creating additional challenges for supply chains


Cyberattacks targeting critical sectors like healthcare, telecommunications, and finance escalated dramatically in the first half of 2024, exposing vulnerabilities in sensitive content communications and the digital supply chain. We evaluated the top 11 data breaches in 1H 2024 using an AI-developed algorithm named the Risk Exposure Index (scored from 1 to 10, lowest to highest risk) and found that supply chain cyber risks pose a serious challenge in many instances.

This article examines the major supply chain implications of these breaches and how they can inform cybersecurity strategies moving forward. 

Change Healthcare: $17.9-billion wake-up call 

The ransomware attack on Change Healthcare, which compromised 100 million records, tied for the most severe breach of 1H 2024, with a Risk Exposure Index score of 9.46. The breach, which exposed sensitive health data, including medical and billing information, disrupted patient care across numerous facilities.

Supply chain impact: 

  • Third-party risks: As healthcare organizations outsource many IT services, third-party vendors often handle sensitive data. In Change Healthcare’s case, the attack could have been exacerbated by a weak link in the digital supply chain. Healthcare systems frequently interact with external entities like insurance providers, diagnostic labs, and payment processors, increasing the risk of exposure if these third parties are not secured. 
  • Operational continuity: The attack’s disruption of healthcare services shows that supply chain integrity is not just a data issue but a matter of operational continuity. When ransomware locks down systems, critical healthcare operations reliant on external suppliers or services can come to a halt. 

National Public Data: 2.9 billion records compromised 

Tied for the highest Risk Exposure Index score at 9.46, the data breach at National Public Data affected 2.9 billion records, exposing personally identifiable information (PII), including Social Security numbers. With a staggering financial impact of $501.7 billion, this incident underscores the immense value of sensitive data managed by data brokers.

Supply chain impact: 

  • Data brokers as critical supply chain nodes: National Public Data acts as a data broker that sells personal information to numerous industries, including fraud prevention services, banking, and retail. The sheer volume of records compromised reflects how interconnected data brokers are within the digital supply chain. A breach in such a node can cascade down the supply chain, affecting the security of thousands of businesses that depend on their data. 
  • Regulatory scrutiny: As data brokers are subject to regulations like the CCPA, HIPAA, and GDPR, a breach of this magnitude places every downstream company at risk of compliance violations. Companies relying on external data services must enforce strict third-party management protocols to mitigate cascading risks. 

AT&T: Telecommunications on the edge 

AT&T’s two breaches, with a Risk Exposure Index score of 9.37 and 110 million customer records affected, exposed phone numbers, call records, and other PII. With an estimated financial impact of $19.7 billion, the incident attracted significant regulatory and reputational backlash.

Supply chain impact: 

  • Telecommunications as a supply chain backbone: Telecommunications companies like AT&T provide the backbone for numerous digital services, including those supporting critical supply chains. When a telecom provider suffers a breach, it can have broad-reaching impacts on other sectors, from retail to manufacturing, that rely on their services for communication and coordination. 
  • Security practices across vendors: The breach underscores the need for telcos to scrutinize their vendor relationships. Unauthorized access is often facilitated by weak links in their supplier networks, whether through external IT providers or even the physical infrastructure suppliers. 

Synnovis: Healthcare services disrupted by ransomware 

Synnovis, a U.K. pathology lab, experienced a ransomware attack that compromised 300 million patient interactions. This breach, with a Risk Exposure Index score of 9.11, disrupted healthcare services across the country, resulting in delays and postponement of medical procedures. 

Supply chain impact: 

  • Healthcare supply chains: Hospitals and laboratories operate complex supply chains that rely on the timely exchange of data between various departments and third-party suppliers, including diagnostic equipment providers and pharmaceutical firms. Disruptions caused by ransomware attacks can have far-reaching effects, as hospitals are forced to delay treatments or use backup systems that may not be integrated with supply chain partners. 
  • Operational fragility: The Synnovis attack highlights how dependent healthcare services are on uninterrupted digital communication, both internally and with external providers. Breaches affecting lab data or pharmaceutical supplies can grind healthcare operations to a halt, posing a serious public health risk. 

Ticketmaster: Exposing customer data in the entertainment supply chain 

The Ticketmaster breach, with a Risk Exposure Index score of 8.79, exposed 560 million customer records via a vulnerability at its cloud partner, Snowflake. Customer names, addresses, and payment card data were compromised. 

Supply chain impact: 

  • Third-party cloud providers: Ticketmaster’s reliance on cloud infrastructure managed by Snowflake illustrates how vulnerabilities in cloud providers can expose a company’s entire customer database. Organizations must assess their third-party cloud vendors to ensure they meet stringent security standards. 
  • Payment supply chains: Breaches like this expose a critical element of the supply chain—the payment process. When payment card data is leaked, it introduces risks throughout the supply chain, affecting banks, processors, and payment gateways that rely on secure transactional data. 

Kaiser and MediSecure: Health data shared with advertisers 

The breaches at Kaiser and MediSecure, with Risk Exposure Index scores of 7.60 and 7.56 and 13.4 million and 13 million records, respectively, stemmed from unintentional data sharing with advertisers through website tracking codes. These incidents highlight the dangers of unintended data exposure through third-party software integrations.

Supply chain impact: 

  • Ad tech integration risks: Many organizations integrate third-party software for marketing and analytics purposes, inadvertently exposing sensitive data. The healthcare sector is particularly vulnerable when private health data, subject to strict regulations, is shared with ad networks. This highlights the need for stringent oversight of third-party integrations and the use of ad trackers. 
  • Supply chain security audits: Hospitals and healthcare providers need robust vetting processes for third-party tools that access their websites, particularly those involved in collecting sensitive patient data. A more integrated approach to security in digital ecosystems could prevent such inadvertent breaches. 

Cencora: Pharmaceutical supply chain targeted 

The Cencora breach, with a Risk Exposure Index score of 6.23, affecting data records across 27 pharmaceutical and biotech companies, exposed sensitive health information through a supply chain attack. 

Supply chain impact: 

  • Pharmaceutical and biotech supply chain threats: Pharmaceutical companies increasingly rely on data-driven supply chains for research, manufacturing, and distribution. A breach in one part of this interconnected web, as seen in the Cencora case, can lead to downstream impacts across multiple companies. The loss of sensitive health data puts the entire industry at risk of regulatory fines and operational disruptions. 
  • Cybersecurity in pharma: As pharmaceutical supply chains grow more digital, they must adopt end-to-end encryption and robust access control mechanisms to ensure that each node, from research labs to distributors, is secured. 

Conclusion: Strengthening supply chain cybersecurity 

These high-profile breaches from the first half of 2024 underscore the increasing vulnerabilities within the digital supply chain. Whether through third-party vendors, cloud service providers, or inadvertent data sharing, the interconnected nature of modern business ecosystems demands a robust, multi-layered approach to cybersecurity. 

Key recommendations include: 

  • Continuous monitoring of third-party risks: Organizations should implement ongoing assessments and stricter security protocols for vendors and supply chain partners. 
  • Enhanced data governance: Developing strong data classification and protection strategies can help mitigate risks, particularly when sensitive data is shared across complex networks. 
  • Zero-trust security: A zero-trust security approach ensures that every internal and external entity accessing sensitive data and systems is continuously authenticated and authorized. By enforcing strict identity verification and access control measures, this approach protects organizations from unauthorized access and potential threats, creating a resilient security framework that safeguards critical information assets at every stage.

To mitigate these escalating supply chain risks, organizations need to prioritize proactive risk management and resilient cybersecurity practices. Strengthening third-party oversight and embedding robust data governance across operations will go a long way in protecting sensitive data and ensuring continuity in today’s interconnected digital landscape.

About the author:

Tim Freestone

Tim Freestone, the chief strategy officer at Kiteworks, is a senior leader with more than 17 years of expertise in marketing leadership, brand strategy, and process and organizational optimization. Since joining Kiteworks in 2021, he has played a pivotal role in shaping the global landscape of content governance, compliance, and protection. He can be reached at [email protected].
