Beaumont Health joins a list of 11 other known health organizations that were affected by the attack. The Accellion incident is a continuous reminder to not use old software and to implement patches made for vulnerabilities when they’re released. Companies may want to consider a third-party risk management (TPRM) program. A blog on Security Boulevard written by Tony Howlett highlights how companies can either create a TPRM program or improve one that’s already in place. Some of those recommendations include:
• Do better vendor risk assessments before onboarding new vendors and on a more regular basis.
 Implement more controls for risky and critical vendors.
 Multi-factor authentication (MFA) should be a standard control.
 Add credential vaulting and privilege access management for any use of privileged credentials by third-party vendors.
 Closer reviews of key supply chain vendors should also be instituted.

https://www.cyberscoop.com/accellion-breach-exposed-data-from-patients-at-major-michigan-hospital-system/

https://securityboulevard.com/2021/03/accellion-data-breach-highlights-third-party-cyber-risk/