The Vendor You Cannot Name.
Two U.S. banks disclosed a breach at the same unnamed third-party vendor in April 2026. Six class action lawsuits followed in two weeks. The vendor still has not been publicly named — and the disclosure language hides what every customer, plaintiff, and regulator actually needs to know.
Order of Operations: The Foundation Risk Healthcare AI Is Running Past
Healthcare organizations are approving AI deployments on foundations they know are incomplete — identity gaps unresolved, vendor integrations unevaluated, data ownership questions deferred. TEFCA is moving patient data nationally at speed while the governance layer is still being assembled, and the CMS policy agenda is accelerating pressure the infrastructure isn't ready to absorb. The patient is sitting in that gap — and the question is whether anyone upstream has checked the water.