Mergers Pose Increased Risk for Cyberattacks

Five factors that make mergers a vulnerable time for healthcare facilities’ cyber defenses.

By Jeff Wardon, Jr., Assistant Editor

Data breaches are a result of cyberattacks, which have become common in the healthcare space lately. They can cause large amounts of patient data to be compromised and stolen by unauthorized parties. With the surge of attacks on healthcare facilities, many will find themselves ill-prepared or their resources exhausted. Those factors leave facilities such as hospitals vulnerable to further strikes.

Additionally, there may even be certain times when healthcare facilities are more susceptible to cyberattacks. One of these times can be hospital mergers, according to a recent report from The University of Texas at Dallas (UTD). 

Research conducted by UTD doctoral student Nan Clement indicates “the period during and after hospital mergers and acquisitions is an especially vulnerable time for patient data when the chance of a cybersecurity breach more than doubles.” Clement examined hospital merger records and archived data breach reporting from the DHS covering 2010 to 2022.

A few factors explain why mergers create a unique circumstance for cyber vulnerability:

  • System Integration 
  • Distraction/Allocation of Resources 
  • Data Migration 
  • Integration of Third-Party Vendors and Partners 
  • Personnel Changes 

System integration is when the merging parties integrate their IT systems and networks. This is a normal part of merging, but it raises an issue: gaps in security. These gaps are created when the integration takes place, and they leave the systems or networks wide open to exploitation by hackers. The same is true when integrating third-party vendors and partners, as these external factors can open more angles for attack if they are not secured.

In addition, mergers require significant amounts of time, resources and focus to manage the overall process. Redirecting those resources leaves less attention for cybersecurity considerations, which creates new chances for attacks while defenses may be reduced. Personnel can change during the merger process, too. Newer staff will not be as familiar with the existing security protocols, or even with the existing weaknesses. This can cause lapses in judgment and poorly configured systems.

Then there is data migration, where merged hospitals transmit or consolidate data from separate systems. Migration can indirectly expose patient data or create vulnerabilities if the process is not properly secured.

With that, cybersecurity becomes a more critical priority during mergers. It requires the proper personnel to meet and collaborate with each other on different security practices. From there, staff can be trained in those practices to act if the situation calls for it. If the time comes for a merger, cybersecurity defenses must be kept up.  

Jeff Wardon, Jr. is the assistant editor for the facilities market. 

August 17, 2023

Topic Area: Information Technology, Safety, Security
