Tag

Risk Assessment

posts

Third Party Risk

Third Party Vendor Cybersecurity Risk: A 2026 Guide

In early 2024, a breach at Change Healthcare — a subsidiary of UnitedHealth Group — crippled pharmacies and hospitals across the United States for weeks. The attack didn't start at a hospital. It started at a third party vendor. A single set of compromised credentials on a system without multi-factor

Carl B. Johnson Jun 24, 2026 5 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In 2023, a single compromised file transfer tool — MOVEit — cascaded into breaches affecting over 2,600 organizations and roughly 90 million individuals. The threat actor, the Cl0p ransomware group, didn't need to hack each victim directly. They exploited one vendor, and the dominoes fell. That's third

Carl B. Johnson Jul 27, 2020 7 min read