Connect with us

Hi, what are you looking for?

Tech & Science

Are merging US healthcare organizations especially vulnerable to cyberattacks?

Healthcare mergers make systems more vulnerable to breaches — today’s hackers know this.

healthcare data
Photo by Irwan iwe on Unsplash
Photo by Irwan iwe on Unsplash

A ransomware attack has taken place at CommonSpirit Health, which operates over 1,000 hospitals and care facilities across 21 U.S. states. The organisation continues to deal with the fallout from the incident. Security experts say such tie-ups and acquisitions make healthcare systems more vulnerable to security breaches.

The incident comes as the U.S. FBI warns firms that ransomware attackers tend to target companies going through significant financial events. With healthcare in particular, recent healthcare cyberattacks have hurt hospitals and research facilities, impacting the services they provide for the public and their various investors and stakeholders.

Looking at the implications of the attack for Digital Journal is cybersecurity evangelist and cyber espionage expert, Raj Dodhiawala, CEO of Remediant.

Dodhiawala begins by outlining the details behind the cybersecurity incident: “While CommonSpirit Health didn’t disclose the specific type of strategies and ransomware that attackers deployed, the entire incident which could impact millions of Americans comes as the organization was in the middle of a large debt issuance, and most notably, only a few years after the massive merger of Dignity Health and Catholic Health Initiatives.”

In terms of the implications from the incident, Dodhiawala says that: “Healthcare mergers make systems more vulnerable to breaches — today’s hackers know this. In fact, ransomware attackers typically target organizations that are going through big events like mergers and acquisitions, as there tends to be an imbalance in the cyber resiliency between the networks of the entities that are merging, and the tedious process of improving cybersecurity postures is not a priority.”

It also stands that healthcare is a major target for such attacks. Dodhiawala  sets this out: “As we continue to see the breadth of damage that ransomware is able to accomplish in healthcare within these types of despicable cyberattacks — and it’s clear mergers and acquisitions activity in the healthcare industry isn’t going to go away anytime soon, one way to bolster confidence is to gain insight into how admin authorization (not just authentication) is managed in the individual entities’ networks.”

The U.S. private, for-profit healthcare sector has been full of activity in recent months, with mergers and buyouts nudging the industry along in the form of new groups and organisations, often leading to different technologies coming together. Dodhiawala  also considers lessons to be learned. These are: “The sum total of the combined entity’s resilience is greatly weakened by excessive admin privileges and a fertile environment for lateral movement — a technique that’s used by nearly 80% of today’s successful ransomware attacks — making these insights critical during due diligence, and also during integration.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Amsterdam opened Wednesday the first of its largest-ever bicycle parking complexes, built underwater.


Tesla reported another round of record quarterly profits while confirming its long-term growth outlook.


There has been a significant increase in the number of finance firms using AI to detect fraudulent business activities.

Social Media

Meta announced it would soon reinstate former president Donald Trump's accounts on Facebook and Instagram.