Despite cybersecurity prioritization following the onset of the COVID-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year.

Black Kite's Third-Party Breach Report examined the impact of third-party cyber breaches in 2021, finding that ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed. Following ransomware in frequency were unauthorized network access (15%) and unsecured servers and databases (12%).

Attackers were able to infiltrate networks and steal data through a variety of methods, including exploiting weak passwords and access controls to gain unauthorized network access. Insecure external facing servers and databases also provided easy access to valuable data. Overall, 1.5 billion users' personally-identifiable information (PII) was leaked as a result of third-party breaches in 2021.

The healthcare sector faced the highest amount of breaches, with one-third of cyberattacks targeting healthcare organizations. With its rich and diverse personally-identifiable information (PII) data, the government sector accounted for 14% of third party attacks in 2021.

Software publishers ranked as the most at-risk vendor for a third consecutive year. Exploitations of software vulnerabilities have led to some of the most notable attacks over the last few years, including the 2020 SolarWinds attack.

For more report findings, click here.