In the aftermath of mergers and acquisitions among healthcare entities – and the resulting IT integration and cost-cutting moves – gaps in technology, skills and other areas often put organizations at higher risk for attacks and other security incidents, said Jack Danahy of NuHarbor Security.
In recent months, several healthcare organizations – including CommonSpirit and Prospect Medical Holdings – have grown substantially through mergers and acquisitions. Both have been victims of high-profile ransomware attacks that disrupted IT systems and patient care delivery in many of their facilities (see: Mergers and Acquisitions in Healthcare: The Security Risks).
“Most of the problems in cybersecurity happen at those connected points, in those gaps, and that’s really where the challenges arise,” Danahy said. “So even if each one of those organizations was secure in its own administration of its cybersecurity – and even if the acquiring organization had great security – you start putting these things together and suddenly you have to reimagine what cybersecurity means.”
That’s because cybersecurity systems do not exist in a vacuum, he said. “They tend to be tightly intermeshed with other parts of the IT infrastructure, and so there may be unpredictable effects.”
In this interview with Information Security Media Group, Danahy also discussed:
- The various gaps created in the aftermath of mergers and acquisitions that add security risk;
- How to avoid common cybersecurity mistakes during and after a merger or acquisition;
- The risk created by technical debt in healthcare.
Danahy leads the research and development of NuHarbor Security’s security service platform. He is also a managing partner at Almanna Cyber Fund, an early-stage cybersecurity investment firm. Prior to joining NuHarbor, Danahy founded three security software companies that were subsequently acquired by WatchGuard Technologies, IBM and Alert Logic.