Mergers Pose Increased Risk for Cyberattacks

Five factors that make mergers a vulnerable time for healthcare facilities’ cyber defenses.

By Jeff Wardon, Jr., Assistant Editor

Data breaches are a result of cyberattacks, which have become rather common in the healthcare space lately. They can cause copious amounts of patient data to be compromised and stolen by unauthorized parties. With the surge of attacks happening on healthcare facilities, many will find their resources exhausted or ill-prepared. Those factors leave facilities such as hospitals vulnerable to further strikes. 

Additionally, there may even be certain times when healthcare facilities are more susceptible to cyberattacks. One of these times can be hospital mergers, according to a recent report from The University of Texas at Dallas (UTD). 

Research conducted by UTD doctoral student Nan Clement indicates “the period during and after hospital mergers and acquisitions is an especially vulnerable time for patient data when the chance of a cybersecurity breach more than doubles.” Clement researched different hospital merger records and archived data breach reporting from the DHS between the years 2010 to 2022. 

There are a few factors as to why mergers pose a unique circumstance for cyber vulnerability: 

  • System Integration 
  • Distraction/Allocation of Resources 
  • Data Migration 
  • Integration of Third-Party Vendors and Partners 
  • Personnel Changes 

System integration is when the merging parties integrate their IT systems and networks. This is a normal part of merging, however, there is an issue that arises from it: gaps in security. These gaps are created when the integration takes place, and they leave the systems or networks wide open to exploitation by hackers. This is even true when integrating third party vendors and partners, as these external factors can bring more angles for attack if unsecure.  

In addition, mergers require significant amounts of time, resources and focus to manage the overall process. The redirection of resources creates less attention towards cybersecurity considerations, therefore leading to new chances for attacks to happen while defenses may be reduced. During the merger process, personnel can change, too. Newer staff will not be as familiar with the already existing security protocols and even weaknesses. This can cause lapses in judgement and poorly configured systems. 

Then there is data migration, where merged hospitals transmit or consolidate data from separate systems. It can indirectly expose patient data or create vulnerabilities if things are not properly secured for the migration process. 

With that, cybersecurity becomes a more critical priority during mergers. It requires the proper personnel to meet and collaborate with each other on different security practices. From there, staff can be trained in those practices to act if the situation calls for it. If the time comes for a merger, cybersecurity defenses must be kept up.  

Jeff Wardon, Jr. is the assistant editor for the facilities market. 

August 17, 2023

Topic Area: Information Technology , Safety , Security

Recent Posts

3 Ways Technology Can Benefit Facilities Teams

By investing in people supported by innovative technology, facilities will be better equipped to meet evolving challenges.

36th Annual Healthcare Facilities Symposium and Expo Held

The show was held in Charlotte, North Carolina.

Florida Hospital Experiences Two Power Outages in Less Than 24 Hours

Facilities management can mitigate potential outages through training and planning. 

Unique Facility Combines Housing and Healthcare

CCC Blackburn Center gives about 3,000 patients per year access to employment services, housing placement, and complementary clinic services.

KnowBe4 Releases Figures Concerning Healthcare Cyberattacks

The U.S. healthcare industry has become a top target for cyberattacks over the past several years.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.