Are mergers of US healthcare organizations especially vulnerable to cyberattacks? – Digital Diary



A ransomware attack has taken place at CommonSpirit Health, which operates more than 1,000 hospitals and care facilities in 21 US states. The organization continues to deal with the aftermath of the incident. Security experts say such mergers and acquisitions make healthcare systems more vulnerable to security breaches.

The incident comes as the US FBI warns companies that ransomware attackers tend to target companies going through major financial events. In healthcare in particular, recent cyberattacks have affected hospitals and research facilities, impacting the services they provide to the public as well as their various investors and stakeholders.

Looking at the implications of the attack for Digital magazine is Raj Dodhiawala, a cybersecurity evangelist and cyber espionage expert, and CEO of Remedial.

Dodhiawala begins by describing the details behind the cybersecurity incident: “While CommonSpirit Health did not disclose the specific type of strategies and ransomware the attackers deployed, the entire incident, which could affect millions of Americans, comes as the organization was in the midst of a huge debt issuance, and most notably, just a few years after the massive merger of Dignity Health and Catholic Health Initiatives.”

In terms of the implications of the incident, Dodhiawala says: “Mergers in the healthcare sector make systems more vulnerable to breaches; today’s hackers know this. In fact, ransomware attackers typically target organizations undergoing major events such as mergers and acquisitions, as there tends to be an imbalance in cyber resilience between the networks of merging entities, and the tedious process of upgrading cybersecurity postures is not enough of a priority.”

Healthcare is also highlighted as a major target for such attacks. Dodhiawala states: “As we continue to see the breadth of damage that ransomware can do in healthcare within these despicable types of cyberattacks, and as it is clear that M&A activity in the healthcare industry is not going away anytime soon, one way to bolster trust is to gain insight into how administrator authorization (not just authentication) is managed on individual entity networks.”

The US private for-profit healthcare sector has been abuzz in recent months, with mergers and acquisitions propelling the industry in the form of new groups and organizations, often leading to different technologies being joined together. Dodhiawala also believes that there are lessons to be learned: “The sum total of the resiliency of the combined entity is greatly weakened by excessive admin privileges and a fertile environment for lateral movement, a technique used in nearly 80% of successful ransomware attacks today, which makes this information critical during due diligence, and also during integration.”

