Over 80 percent of stolen protected health information (PHI) so far this year didn’t come from hospitals… it came from their vendors, according to a Becker’s Hospital Review update on PHI cybersecurity. Even more striking, more than 90 percent of hacked health records were stolen from outside the EHR.

Those two numbers redefine where healthcare security risk truly lies. The typical hospital’s firewall isn’t the front line anymore. Risk surfaces include:

Analytics platforms

Billing services

Patient-engagement tools

Telehealth systems

Business associates

Health plans

…and more

Protecting patient data in 2025 requires understanding that your vendors’ infrastructure is part of your own security posture.

Why vendor breaches dominate today’s threat landscape

Healthcare’s rapid

See Full Page