Mergers Pose Increased Risk for Cyberattacks

Five factors that make mergers a vulnerable time for healthcare facilities’ cyber defenses.

By Jeff Wardon, Jr., Assistant Editor


Data breaches are a result of cyberattacks, which have become rather common in the healthcare space lately. They can cause copious amounts of patient data to be compromised and stolen by unauthorized parties. With the surge of attacks happening on healthcare facilities, many will find their resources exhausted or ill-prepared. Those factors leave facilities such as hospitals vulnerable to further strikes. 

Additionally, there may even be certain times when healthcare facilities are more susceptible to cyberattacks. One of these times can be hospital mergers, according to a recent report from The University of Texas at Dallas (UTD). 

Research conducted by UTD doctoral student Nan Clement indicates “the period during and after hospital mergers and acquisitions is an especially vulnerable time for patient data when the chance of a cybersecurity breach more than doubles.” Clement researched different hospital merger records and archived data breach reporting from the DHS between the years 2010 to 2022. 

There are a few factors as to why mergers pose a unique circumstance for cyber vulnerability: 

  • System Integration 
  • Distraction/Allocation of Resources 
  • Data Migration 
  • Integration of Third-Party Vendors and Partners 
  • Personnel Changes 

System integration is when the merging parties integrate their IT systems and networks. This is a normal part of merging, however, there is an issue that arises from it: gaps in security. These gaps are created when the integration takes place, and they leave the systems or networks wide open to exploitation by hackers. This is even true when integrating third party vendors and partners, as these external factors can bring more angles for attack if unsecure.  

In addition, mergers require significant amounts of time, resources and focus to manage the overall process. The redirection of resources creates less attention towards cybersecurity considerations, therefore leading to new chances for attacks to happen while defenses may be reduced. During the merger process, personnel can change, too. Newer staff will not be as familiar with the already existing security protocols and even weaknesses. This can cause lapses in judgement and poorly configured systems. 

Then there is data migration, where merged hospitals transmit or consolidate data from separate systems. It can indirectly expose patient data or create vulnerabilities if things are not properly secured for the migration process. 

With that, cybersecurity becomes a more critical priority during mergers. It requires the proper personnel to meet and collaborate with each other on different security practices. From there, staff can be trained in those practices to act if the situation calls for it. If the time comes for a merger, cybersecurity defenses must be kept up.  

Jeff Wardon, Jr. is the assistant editor for the facilities market. 



August 17, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

The Impact of Lighting on Aesthetics and Atmosphere in Healthcare

Lighting manufacturers discuss how lighting affects the look and feel of healthcare facilities.


Nearby Explosion Damages Avera St. Anthony's Hospital in Nebraska

No major injuries to patients or employees were reported.


Baptist Memorial Hospital-Collierville to Begin Expansion Project Construction

The expansion for the ICU is expected to be complete in the fall of 2025, with the emergency department to be complete a few months after.


Proofpoint and Ponemon Institute Release Third Annual Healthcare Cybersecurity Survey

The survey found that 92 percent of organizations surveyed experienced at least one cyberattack in the past 12 months.


Infection Control in the Splash Zone

Handwashing sinks have been a target for infection control improvement in hospitals and other healthcare facilities.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.