Healthcare Under Siege: Why the Marquis Health Breach Should Terrify Your Security Team
Over 780,000 people just had their most sensitive data stolen—names, Social Security numbers, credit card details, the works—because a trusted security vendor got compromised[1]. This isn’t some ransomware-of-the-week story; this is a masterclass in how third-party risk can absolutely wreck your security posture, even when you think you’ve got everything locked down.
Here’s what actually happened: Marquis Health detected the breach back in 2025, but it only came to light recently when they started sending breach notifications. The culprit? SonicWall, their cybersecurity partner. Attackers leveraged configuration data extracted from SonicWall’s cloud backup infrastructure through an API code change[1]. The kicker—Marquis’s firewall was up to date, and they had MFA and other security controls in place. Didn’t matter. Their vendor got pwned, and so did they.
This is the nightmare scenario: you can do everything right and still lose. The threat actors didn’t need to break into Marquis directly. They went through the back door that Marquis trusted completely. And now Marquis has filed suit against SonicWall because, well, someone’s got to pay for this mess[1].
Why You Should Care
If you’re building or managing any system that relies on third-party vendors—and honestly, who isn’t anymore?—this is your wake-up call. The data exposed here includes names, addresses, Social Security numbers, dates of birth, account numbers, credit/debit card numbers, and taxpayer identification numbers[1]. That’s the full stack of information needed to commit identity theft. For 780,000 people.
And healthcare? February 2026 saw ransomware attacks account for 31% of all reported incidents, with healthcare as the most targeted sector[4]. You’re not paranoid if you think your health provider is a target. They definitely are.
The Real Lesson
You can’t just trust your vendors because they say they’re secure. You need continuous monitoring, regular security assessments, and—this is critical—incident response playbooks that account for vendor compromise scenarios. Because when (not if) your vendor gets hit, you need to move fast.
The structural problem here is brutal: organizations are aggressive about collecting personal data but inadequate at protecting it, especially when that protection depends on third parties[7]. That asymmetry is costing real people real money.

