Mergers Pose Increased Risk for Cyberattacks

Five factors that make mergers a vulnerable time for healthcare facilities’ cyber defenses.

By Jeff Wardon, Jr., Assistant Editor


Data breaches are a result of cyberattacks, which have become rather common in the healthcare space lately. They can cause copious amounts of patient data to be compromised and stolen by unauthorized parties. With the surge of attacks happening on healthcare facilities, many will find their resources exhausted or ill-prepared. Those factors leave facilities such as hospitals vulnerable to further strikes. 

Additionally, there may even be certain times when healthcare facilities are more susceptible to cyberattacks. One of these times can be hospital mergers, according to a recent report from The University of Texas at Dallas (UTD). 

Research conducted by UTD doctoral student Nan Clement indicates “the period during and after hospital mergers and acquisitions is an especially vulnerable time for patient data when the chance of a cybersecurity breach more than doubles.” Clement researched different hospital merger records and archived data breach reporting from the DHS between the years 2010 to 2022. 

There are a few factors as to why mergers pose a unique circumstance for cyber vulnerability: 

  • System Integration 
  • Distraction/Allocation of Resources 
  • Data Migration 
  • Integration of Third-Party Vendors and Partners 
  • Personnel Changes 

System integration is when the merging parties integrate their IT systems and networks. This is a normal part of merging, however, there is an issue that arises from it: gaps in security. These gaps are created when the integration takes place, and they leave the systems or networks wide open to exploitation by hackers. This is even true when integrating third party vendors and partners, as these external factors can bring more angles for attack if unsecure.  

In addition, mergers require significant amounts of time, resources and focus to manage the overall process. The redirection of resources creates less attention towards cybersecurity considerations, therefore leading to new chances for attacks to happen while defenses may be reduced. During the merger process, personnel can change, too. Newer staff will not be as familiar with the already existing security protocols and even weaknesses. This can cause lapses in judgement and poorly configured systems. 

Then there is data migration, where merged hospitals transmit or consolidate data from separate systems. It can indirectly expose patient data or create vulnerabilities if things are not properly secured for the migration process. 

With that, cybersecurity becomes a more critical priority during mergers. It requires the proper personnel to meet and collaborate with each other on different security practices. From there, staff can be trained in those practices to act if the situation calls for it. If the time comes for a merger, cybersecurity defenses must be kept up.  

Jeff Wardon, Jr. is the assistant editor for the facilities market. 



August 17, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.